{"id": "OPENVAS:867207", "bulletinFamily": "scanner", "title": "Fedora Update for perl-Proc-Daemon FEDORA-2013-23635", "description": "Check for the Version of perl-Proc-Daemon", "published": "2013-12-30T00:00:00", "modified": "2016-03-17T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867207", "reporter": "Copyright (C) 2013 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125174.html", "2013-23635"], "cvelist": ["CVE-2013-7135"], "type": "openvas", "lastseen": "2016-09-26T20:40:25", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d519a507204060c2595045403d0deb53"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "1a866675bb68aaa3b42397b963091b6f"}, {"key": "href", "hash": "cea696b4cb1535f95b4cc77a0f435345"}, {"key": "modified", "hash": "2b34fbedebd1ef437819c862d331e480"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "pluginID", "hash": "59e07a499d7031e16351c7b2ddf22c57"}, {"key": "published", "hash": "cd65f662baff1fb85356630a87c09667"}, {"key": "references", "hash": "c2f88a9e669e3b38badbd52a953c0824"}, {"key": "reporter", "hash": "eb0d3e4b46c4b283eb1ce082bbd5ff31"}, {"key": "sourceData", "hash": "1a638dfb6e737e43e5d091dce5f8a27f"}, {"key": "title", "hash": "6fe5c06de854dd820e241688b731c67d"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "3915b906be89428bc0736bd6d17b54c2aef8cc613ff8400fd7b7bdb2c07cae81", "viewCount": 0, "objectVersion": "1.2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Proc-Daemon FEDORA-2013-23635\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867207);\n script_version(\"$Revision: 2882 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-03-17 15:39:13 +0100 (Thu, 17 Mar 2016) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-30 12:23:59 +0530 (Mon, 30 Dec 2013)\");\n script_cve_id(\"CVE-2013-7135\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for perl-Proc-Daemon FEDORA-2013-23635\");\n\n tag_insight = \"This is version 0.14 of Proc::Daemon\n\nThis module contains the routine Init which can be called by a Perl\nprogram to initialize itself as a daemon. A daemon is a process that\nruns in the background with no controlling terminal. Generally servers\n(like FTP and HTTP servers) run as daemon processes.\n\";\n\n tag_affected = \"perl-Proc-Daemon on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23635\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/125174.html\");\n script_summary(\"Check for the Version of perl-Proc-Daemon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:fedoraproject:fedora\", \"login/SSH/success\", \"ssh/login/release\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Proc-Daemon\", rpm:\"perl-Proc-Daemon~0.14~9.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "867207", "enchantments": {"vulnersScore": 7.2}}

{"result": {"cve": [{"id": "CVE-2013-7135", "type": "cve", "title": "CVE-2013-7135", "description": "The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.", "published": "2014-01-27T19:55:03", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7135", "cvelist": ["CVE-2013-7135"], "lastseen": "2016-09-03T19:18:06"}], "nessus": [{"id": "FEDORA_2013-23635.NASL", "type": "nessus", "title": "Fedora 19 : perl-Proc-Daemon-0.14-9.fc19 (2013-23635)", "description": "Add patch from debian to fix pidfile with mode 666 CVE-2013-7135\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-12-28T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71759", "cvelist": ["CVE-2013-7135"], "lastseen": "2016-09-26T17:23:05"}, {"id": "FEDORA_2013-23594.NASL", "type": "nessus", "title": "Fedora 20 : perl-Proc-Daemon-0.14-9.fc20 (2013-23594)", "description": "Add patch from debian to fix pidfile with mode 666 CVE-2013-7135\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-12-28T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71757", "cvelist": ["CVE-2013-7135"], "lastseen": "2016-09-26T17:24:34"}, {"id": "FEDORA_2013-23646.NASL", "type": "nessus", "title": "Fedora 18 : perl-Proc-Daemon-0.14-9.fc18 (2013-23646)", "description": "Add patch from debian to fix pidfile with mode 666 CVE-2013-7135\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-12-28T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71760", "cvelist": ["CVE-2013-7135"], "lastseen": "2016-09-26T17:23:41"}, {"id": "MANDRIVA_MDVSA-2014-021.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : perl-Proc-Daemon (MDVSA-2014:021)", "description": "Updated perl-Proc-Daemon package fixes security vulnerability :\n\nIt was reported that perl-Proc-Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666, allowing any user on the system to overwrite it (CVE-2013-7135).", "published": "2014-01-27T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=72133", "cvelist": ["CVE-2013-7135"], "lastseen": "2016-09-26T17:23:51"}, {"id": "FREEBSD_PKG_1E7F0C11673A11E598C860A44C524F57.NASL", "type": "nessus", "title": "FreeBSD : otrs -- Scheduler Process ID File Access (1e7f0c11-673a-11e5-98c8-60a44c524f57)", "description": "The OTRS project reports :\n\nAn attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.schduler.pl from the CLI.\n\nThe Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.", "published": "2015-09-30T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86198", "cvelist": ["CVE-2015-6842", "CVE-2013-7135"], "lastseen": "2016-09-26T17:25:48"}], "openvas": [{"id": "OPENVAS:867271", "type": "openvas", "title": "Fedora Update for perl-Proc-Daemon FEDORA-2013-23594", "description": "Check for the Version of perl-Proc-Daemon", "published": "2014-02-05T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867271", "cvelist": ["CVE-2013-7135"], "lastseen": "2016-09-26T20:42:07"}, {"id": "OPENVAS:867205", "type": "openvas", "title": "Fedora Update for perl-Proc-Daemon FEDORA-2013-23646", "description": "Check for the Version of perl-Proc-Daemon", "published": "2013-12-30T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=867205", "cvelist": ["CVE-2013-7135"], "lastseen": "2016-09-26T20:40:23"}], "freebsd": [{"id": "1E7F0C11-673A-11E5-98C8-60A44C524F57", "type": "freebsd", "title": "otrs -- Scheduler Process ID File Access", "description": "\nThe OTRS project reports:\n\nAn attacker with valid LOCAL credentials could access and\n\t manipulate the process ID file for bin/otrs.schduler.pl from the\n\t CLI.\nThe Proc::Daemon module 0.14 for Perl uses world-writable\n\t permissions for a file that stores a process ID, which allows local\n\t users to have an unspecified impact by modifying this file.\n\n", "published": "2015-09-17T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/1e7f0c11-673a-11e5-98c8-60a44c524f57.html", "cvelist": ["CVE-2015-6842", "CVE-2013-7135"], "lastseen": "2016-09-26T17:24:14"}]}}