CVE-2008-6552 - Link Following vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Symlink Attack: An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file, while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
- Accessing, Modifying or Executing Executable Files: An attack of this type exploits a system's configuration that allows an attacker either to directly access an executable file, for example through shell access, or, in the worst case, to upload a file and then execute it. Web servers, FTP servers, and message-oriented middleware systems with many integration points are particularly vulnerable, because both the programmers and the administrators must be in sync regarding the interfaces and the correct privileges for each interface.
- Leverage Executable Code in Non-Executable Files: An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file), the attacker has already modified that file, either to execute malicious code directly or to manipulate the target process (e.g. an application server) into acting on malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF (http://www.gnucitizen.org/blog/danger-danger-danger/): http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here. The client assumes that it is reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE application server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
- Manipulating Input to File System Calls: An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Nessus
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-1339.NASL
description: An updated rgmanager package that fixes multiple security issues, various bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The rgmanager package contains the Red Hat Resource Group Manager, which provides high availability for critical server applications in the event of system downtime. Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs : * clulog now accepts
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 63893
published: 2013-01-24
reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/63893
title: RHEL 5 : rgmanager (RHSA-2009:1339)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:1339. The text
# itself is copyright (C) Red Hat, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(63893);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:14");

  script_cve_id("CVE-2008-6552");
  script_xref(name:"RHSA", value:"2009:1339");

  script_name(english:"RHEL 5 : rgmanager (RHSA-2009:1339)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated rgmanager package that fixes multiple security issues,
various bugs, and adds enhancements is now available for Red Hat
Enterprise Linux 5.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

The rgmanager package contains the Red Hat Resource Group Manager,
which provides high availability for critical server applications in
the event of system downtime.

Multiple insecure temporary file use flaws were discovered in
rgmanager and various resource scripts run by rgmanager. A local
attacker could use these flaws to overwrite an arbitrary file writable
by the rgmanager process (i.e. user root) with the output of rgmanager
or a resource agent via a symbolic link attack. (CVE-2008-6552)

This update also fixes the following bugs :

* clulog now accepts '-' as the first character in messages.
* if expire_time is 0, max_restarts is no longer ignored.
* the SAP resource agents included in the rgmanager package shipped
with Red Hat Enterprise Linux 5.3 were outdated. This update includes
the most recent SAP resource agents and, consequently, improves SAP
failover support.
* empty PID files no longer cause resource start failures.
* recovery policy of type 'restart' now works properly when using a
resource based on ra-skelet.sh.
* samba.sh has been updated to kill the PID listed in the proper PID
file.
* handling of the '-F' option has been improved to fix issues causing
rgmanager to crash if no members of a restricted failover domain were
online.
* the number of simultaneous status checks can now be limited to
prevent load spikes.
* forking and cloning during status checks has been optimized to
reduce load spikes.
* rg_test no longer hangs when run with large cluster configuration
files.
* when rgmanager is used with a restricted failover domain it will no
longer occasionally segfault when some nodes are offline during a
failover event.
* virtual machine guests no longer restart after a cluster.conf
update.
* nfsclient.sh no longer leaves temporary files after running.
* extra checks from the Oracle agents have been removed.
* vm.sh now uses libvirt.
* users can now define an explicit service processing order when
central_processing is enabled.
* virtual machine guests can no longer start on 2 nodes at the same
time.
* in some cases a successfully migrated virtual machine guest could
restart when the cluster.conf file was updated.
* incorrect reporting of a service being started when it was not
started has been addressed.

As well, this update adds the following enhancements :

* a startup_wait option has been added to the MySQL resource agent.
* services can now be prioritized.
* rgmanager now checks to see if it has been killed by the OOM killer
and if so, reboots the node.

Users of rgmanager are advised to upgrade to this updated package,
which resolves these issues and adds these enhancements."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.redhat.com/security/data/cve/CVE-2008-6552.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://rhn.redhat.com/errata/RHSA-2009-1339.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected rgmanager package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rgmanager");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

flag = 0;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"rgmanager-2.0.52-1.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"rgmanager-2.0.52-1.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Scientific Linux Local Security Checks
NASL id: SL_20090902_RGMANAGER_ON_SL5_X.NASL
description: Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs : - clulog now accepts
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60659
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60659
title: Scientific Linux Security Update : rgmanager on SL5.x i386/x86_64
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60659);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:18");

  script_cve_id("CVE-2008-6552");

  script_name(english:"Scientific Linux Security Update : rgmanager on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple insecure temporary file use flaws were discovered in
rgmanager and various resource scripts run by rgmanager. A local
attacker could use these flaws to overwrite an arbitrary file writable
by the rgmanager process (i.e. user root) with the output of rgmanager
or a resource agent via a symbolic link attack. (CVE-2008-6552)

This update also fixes the following bugs :

- clulog now accepts '-' as the first character in messages.
- if expire_time is 0, max_restarts is no longer ignored.
- the SAP resource agents included in the rgmanager package shipped
with Scientific Linux 5.3 were outdated. This update includes the most
recent SAP resource agents and, consequently, improves SAP failover
support.
- empty PID files no longer cause resource start failures.
- recovery policy of type 'restart' now works properly when using a
resource based on ra-skelet.sh.
- samba.sh has been updated to kill the PID listed in the proper PID
file.
- handling of the '-F' option has been improved to fix issues causing
rgmanager to crash if no members of a restricted failover domain were
online.
- the number of simultaneous status checks can now be limited to
prevent load spikes.
- forking and cloning during status checks has been optimized to
reduce load spikes.
- rg_test no longer hangs when run with large cluster configuration
files.
- when rgmanager is used with a restricted failover domain it will no
longer occasionally segfault when some nodes are offline during a
failover event.
- virtual machine guests no longer restart after a cluster.conf
update.
- nfsclient.sh no longer leaves temporary files after running.
- extra checks from the Oracle agents have been removed.
- vm.sh now uses libvirt.
- users can now define an explicit service processing order when
central_processing is enabled.
- virtual machine guests can no longer start on 2 nodes at the same
time.
- in some cases a successfully migrated virtual machine guest could
restart when the cluster.conf file was updated.
- incorrect reporting of a service being started when it was not
started has been addressed.

As well, this update adds the following enhancements :

- a startup_wait option has been added to the MySQL resource agent.
- services can now be prioritized.
- rgmanager now checks to see if it has been killed by the OOM killer
and if so, reboots the node."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0910&L=scientific-linux-errata&T=0&P=442
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e7bc6631"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected rgmanager package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL5", reference:"rgmanager-2.0.52-1.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-1341.NASL
description: Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The Cluster Manager (cman) utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552) Bug fixes : * a buffer could overflow if cluster.conf had more than 52 entries per block inside the <cman> block. The limit is now 1024. * the output of the group_tool dump subcommands were NULL padded. * using device=
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 63894
published: 2013-01-24
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/63894
title: RHEL 5 : cman (RHSA-2009:1341)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:1341. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(63894);
  script_version("1.13");
  script_cvs_date("Date: 2019/10/25 13:36:14");

  script_cve_id("CVE-2008-4579", "CVE-2008-6552");
  script_bugtraq_id(31904, 32179);
  script_xref(name:"RHSA", value:"2009:1341");

  script_name(english:"RHEL 5 : cman (RHSA-2009:1341)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated cman packages that fix several security issues, various bugs,
and add enhancements are now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

The Cluster Manager (cman) utility provides services for managing a
Linux cluster.

Multiple insecure temporary file use flaws were found in
fence_apc_snmp and ccs_tool. A local attacker could use these flaws to
overwrite an arbitrary file writable by a victim running those
utilities (typically root) with the output of the utilities via a
symbolic link attack. (CVE-2008-4579, CVE-2008-6552)

Bug fixes :

* a buffer could overflow if cluster.conf had more than 52 entries per
block inside the <cman> block. The limit is now 1024.
* the output of the group_tool dump subcommands were NULL padded.
* using device='' instead of label='' no longer causes qdiskd to
incorrectly exit.
* the IPMI fencing agent has been modified to time out after 10
seconds. It is also now possible to specify a different timeout value
with the '-t' option.
* the IPMI fencing agent now allows punctuation in passwords.
* quickly starting and stopping the cman service no longer causes the
cluster membership to become inconsistent across the cluster.
* an issue with lock syncing caused 'receive_own from' errors to be
logged to '/var/log/messages'.
* an issue which caused gfs_controld to segfault when mounting
hundreds of file systems has been fixed.
* the LPAR fencing agent now properly reports status when an LPAR is
in Open Firmware mode.
* the LPAR fencing agent now works properly with systems using the
Integrated Virtualization Manager (IVM).
* the APC SNMP fencing agent now properly recognizes outletStatusOn
and outletStatusOff return codes from the SNMP agent.
* the WTI fencing agent can now connect to fencing devices with no
password.
* the rps-10 fencing agent now properly performs a reboot when run
with no options.
* the IPMI fencing agent now supports different cipher types with the
'-C' option.
* qdisk now properly scans devices and partitions.
* cman now checks to see if a new node has state to prevent killing
the first node during cluster setup.
* 'service qdiskd start' now works properly.
* the McData fence agent now works properly with the McData Sphereon
4500 Fabric Switch.
* the Egenera fence agent can now specify an SSH login name.
* the APC fence agent now works with non-admin accounts when using the
3.5.x firmware.
* fence_xvmd now tries two methods to reboot a virtual machine.
* connections to OpenAIS are now allowed from unprivileged CPG clients
with the user and group of 'ais'.
* groupd no longer allows the default fence domain to be '0', which
previously caused rgmanager to hang. Now, rgmanager no longer hangs.
* the RSA fence agent now supports SSH enabled RSA II devices.
* the DRAC fence agent now works with the Integrated Dell Remote
Access Controller (iDRAC) on Dell PowerEdge M600 blade servers.
* fixed a memory leak in cman.
* qdisk now displays a warning if more than one label is found with
the same name.
* the DRAC5 fencing agent now shows proper usage instructions for the
'-D' option.
* cman no longer uses the wrong node name when getnameinfo() fails.
* the SCSI fence agent now verifies that sg_persist is installed.
* the DRAC5 fencing agent now properly handles modulename.
* QDisk now logs warning messages if it appears its I/O to shared
storage is hung.
* fence_apc no longer fails with a pexpect exception.
* removing a node from the cluster using 'cman_tool leave remove' now
properly reduces the expected_votes and quorum.
* a semaphore leak in cman has been fixed.
* 'cman_tool nodes -F name' no longer segfaults when a node is out of
membership.

Enhancements :

* support for: ePowerSwitch 8+ and LPAR/HMC v3 devices, Cisco MDS 9124
and MDS 9134 SAN switches, the virsh fencing agent, and broadcast
communication with cman.
* fence_scsi limitations added to fence_scsi man page.

Users of cman are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-4579"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-6552"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2009:1341"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected cman and / or cman-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cman-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");

if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2009:1341";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"cman-2.0.115-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"cman-2.0.115-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"cman-2.0.115-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"cman-devel-2.0.115-1.el5")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cman / cman-devel");
  }
}
NASL family: Scientific Linux Local Security Checks
NASL id: SL_20090902_GFS2_UTILS_ON_SL5_X.NASL
description: Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs : - gfs2_fsck now properly detects and repairs problems with sequence numbers on GFS2 file systems. - GFS2 user utilities now use the file system UUID. - gfs2_grow now properly updates the file system size during operation. - gfs2_fsck now returns the proper exit codes. - gfs2_convert now properly frees blocks when removing free blocks up to height 2. - the gfs2_fsck manual page has been renamed to fsck.gfs2 to match current standards. - the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60653
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60653
title: Scientific Linux Security Update : gfs2-utils on SL5.x i386/x86_64
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60653);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:18");

  script_cve_id("CVE-2008-6552");

  script_name(english:"Scientific Linux Security Update : gfs2-utils on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple insecure temporary file use flaws were discovered in GFS2
user level utilities. A local attacker could use these flaws to
overwrite an arbitrary file writable by a victim running those
utilities (typically root) with the output of the utilities via a
symbolic link attack. (CVE-2008-6552)

This update also fixes the following bugs :

- gfs2_fsck now properly detects and repairs problems with sequence
numbers on GFS2 file systems.
- GFS2 user utilities now use the file system UUID.
- gfs2_grow now properly updates the file system size during
operation.
- gfs2_fsck now returns the proper exit codes.
- gfs2_convert now properly frees blocks when removing free blocks up
to height 2.
- the gfs2_fsck manual page has been renamed to fsck.gfs2 to match
current standards.
- the 'gfs2_tool df' command now provides human-readable output.
- mounting GFS2 file systems with the noatime or noquota option now
works properly.
- new capabilities have been added to the gfs2_edit tool to help in
testing and debugging GFS and GFS2 issues.
- the 'gfs2_tool df' command no longer segfaults on file systems with
a block size other than 4k.
- the gfs2_grow manual page no longer references the '-r' option,
which has been removed.
- the 'gfs2_tool unfreeze' command no longer hangs during use.
- gfs2_convert no longer corrupts file systems when converting from
GFS to GFS2.
- gfs2_fsck no longer segfaults when encountering a block which is
listed as both a data and stuffed directory inode.
- gfs2_fsck can now fix file systems even if the journal is already
locked for use.
- a GFS2 file system's metadata is now properly copied with 'gfs2_edit
savemeta' and 'gfs2_edit restoremeta'.
- the gfs2_edit savemeta function now properly saves blocks of type 2.
- 'gfs2_convert -vy' now works properly on the PowerPC architecture.
- when mounting a GFS2 file system as '/', mount_gfs2 no longer fails
after being unable to find the file system in '/proc/mounts'.
- gfs2_fsck no longer segfaults when fixing 'EA leaf block type'
problems."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0910&L=scientific-linux-errata&T=0&P=561
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ee5e8852"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gfs2-utils package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL5", reference:"gfs2-utils-0.1.62-1.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-1339.NASL
description: An updated rgmanager package that fixes multiple security issues, various bugs, and adds enhancements is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The rgmanager package contains the Red Hat Resource Group Manager, which provides high availability for critical server applications in the event of system downtime. Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs : * clulog now accepts
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43787
published: 2010-01-06
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/43787
title: CentOS 5 : rgmanager (CESA-2009:1339)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:1339 and
# CentOS Errata and Security Advisory 2009:1339 respectively.
#

include("compat.inc");

if (description)
{
  script_id(43787);
  script_version("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:05");

  script_cve_id("CVE-2008-6552");
  script_xref(name:"RHSA", value:"2009:1339");

  script_name(english:"CentOS 5 : rgmanager (CESA-2009:1339)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated rgmanager package that fixes multiple security issues,
various bugs, and adds enhancements is now available for Red Hat
Enterprise Linux 5.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

The rgmanager package contains the Red Hat Resource Group Manager,
which provides high availability for critical server applications in
the event of system downtime.

Multiple insecure temporary file use flaws were discovered in
rgmanager and various resource scripts run by rgmanager. A local
attacker could use these flaws to overwrite an arbitrary file writable
by the rgmanager process (i.e. user root) with the output of rgmanager
or a resource agent via a symbolic link attack. (CVE-2008-6552)

This update also fixes the following bugs :

* clulog now accepts '-' as the first character in messages.
* if expire_time is 0, max_restarts is no longer ignored.
* the SAP resource agents included in the rgmanager package shipped
  with Red Hat Enterprise Linux 5.3 were outdated. This update includes
  the most recent SAP resource agents and, consequently, improves SAP
  failover support.
* empty PID files no longer cause resource start failures.
* recovery policy of type 'restart' now works properly when using a
  resource based on ra-skelet.sh.
* samba.sh has been updated to kill the PID listed in the proper PID
  file.
* handling of the '-F' option has been improved to fix issues causing
  rgmanager to crash if no members of a restricted failover domain
  were online.
* the number of simultaneous status checks can now be limited to
  prevent load spikes.
* forking and cloning during status checks has been optimized to
  reduce load spikes.
* rg_test no longer hangs when run with large cluster configuration
  files.
* when rgmanager is used with a restricted failover domain it will no
  longer occasionally segfault when some nodes are offline during a
  failover event.
* virtual machine guests no longer restart after a cluster.conf update.
* nfsclient.sh no longer leaves temporary files after running.
* extra checks from the Oracle agents have been removed.
* vm.sh now uses libvirt.
* users can now define an explicit service processing order when
  central_processing is enabled.
* virtual machine guests can no longer start on 2 nodes at the same
  time.
* in some cases a successfully migrated virtual machine guest could
  restart when the cluster.conf file was updated.
* incorrect reporting of a service being started when it was not
  started has been addressed.

As well, this update adds the following enhancements :

* a startup_wait option has been added to the MySQL resource agent.
* services can now be prioritized.
* rgmanager now checks to see if it has been killed by the OOM killer
  and if so, reboots the node.

Users of rgmanager are advised to upgrade to this updated package,
which resolves these issues and adds these enhancements."
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-September/016153.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e45b3de"
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-September/016154.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cb7f874e"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected rgmanager package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:rgmanager");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-5", reference:"rgmanager-2.0.52-1.el5.centos")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rgmanager");
}
NASL family: Scientific Linux Local Security Checks
NASL id: SL_20110216_RGMANAGER_ON_SL4_X.NASL
description: Multiple insecure temporary file use flaws were discovered in rgmanager and various resource scripts run by rgmanager. A local attacker could use these flaws to overwrite an arbitrary file writable by the rgmanager process (i.e. user root) with the output of rgmanager or a resource agent via a symbolic link attack. (CVE-2008-6552) It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially crafted dynamic library. (CVE-2010-3389) This update also fixes the following bugs : - Previously, starting threads could incorrectly include a reference to an exited thread if that thread exited when rgmanager received a request to start a new thread. Due to this issue, the new thread did not retry and entered an infinite loop. This update ensures that new threads do not reference old threads. Now, new threads no longer enter an infinite loop in which the rgmanager enables and disables services without failing gracefully. (BZ#502872) - Previously, nfsclient.sh left temporary nfsclient-status-cache-$$ files in /tmp/. (BZ#506152) - Previously, the function local_node_name in /resources/utils/member_util.sh did not correctly check whether magma_tool failed. Due to this issue, empty strings could be returned. This update checks the input and rejects empty strings. (BZ#516758) - Previously, the file system agent could kill a process when an application used a mount point with a similar name to a mount point managed by rgmanager using force_unmount. With this update, the file system agent kills only the processes that access the mount point managed by rgmanager. (BZ#555901) - Previously, simultaneous execution of
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60961
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60961
title: Scientific Linux Security Update : rgmanager on SL4.x i386/x86_64
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60961);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:19");

  script_cve_id("CVE-2008-6552", "CVE-2010-3389");

  script_name(english:"Scientific Linux Security Update : rgmanager on SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple insecure temporary file use flaws were discovered in
rgmanager and various resource scripts run by rgmanager. A local
attacker could use these flaws to overwrite an arbitrary file writable
by the rgmanager process (i.e. user root) with the output of rgmanager
or a resource agent via a symbolic link attack. (CVE-2008-6552)

It was discovered that certain resource agent scripts set the
LD_LIBRARY_PATH environment variable to an insecure value containing
empty path elements. A local user able to trick a user running those
scripts to run them while working from an attacker-writable directory
could use this flaw to escalate their privileges via a specially
crafted dynamic library. (CVE-2010-3389)

This update also fixes the following bugs :

  - Previously, starting threads could incorrectly include a reference
    to an exited thread if that thread exited when rgmanager received a
    request to start a new thread. Due to this issue, the new thread
    did not retry and entered an infinite loop. This update ensures
    that new threads do not reference old threads. Now, new threads no
    longer enter an infinite loop in which the rgmanager enables and
    disables services without failing gracefully. (BZ#502872)
  - Previously, nfsclient.sh left temporary nfsclient-status-cache-$$
    files in /tmp/. (BZ#506152)
  - Previously, the function local_node_name in
    /resources/utils/member_util.sh did not correctly check whether
    magma_tool failed. Due to this issue, empty strings could be
    returned. This update checks the input and rejects empty strings.
    (BZ#516758)
  - Previously, the file system agent could kill a process when an
    application used a mount point with a similar name to a mount point
    managed by rgmanager using force_unmount. With this update, the
    file system agent kills only the processes that access the mount
    point managed by rgmanager. (BZ#555901)
  - Previously, simultaneous execution of 'lvchange --deltag' from
    /etc/init.d/rgmanager caused a checksum error on High Availability
    Logical Volume Manager (HA-LVM). With this update, ownership of LVM
    tags is checked before removing them. (BZ#559582)
  - Previously, the isAlive check could fail if two nodes used the same
    file name. With this update, the isAlive function prevents two
    nodes from using the same file name. (BZ#469815)
  - Previously, the S/Lang code could lead to unwanted S/Lang stack
    leaks during event processing. (BZ#507430)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=469815"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=502872"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=506152"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=507430"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=516758"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=555901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=559582"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=2573
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3312c7c6"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected rgmanager package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL4", reference:"rgmanager-1.9.88-2.el4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-1337.NASL
description: An updated gfs2-utils package that fixes multiple security issues and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems. Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs : * gfs2_fsck now properly detects and repairs problems with sequence numbers on GFS2 file systems. * GFS2 user utilities now use the file system UUID. * gfs2_grow now properly updates the file system size during operation. * gfs2_fsck now returns the proper exit codes. * gfs2_convert now properly frees blocks when removing free blocks up to height 2. * the gfs2_fsck manual page has been renamed to fsck.gfs2 to match current standards. * the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43786
published: 2010-01-06
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/43786
title: CentOS 5 : gfs2-utils (CESA-2009:1337)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:1337 and
# CentOS Errata and Security Advisory 2009:1337 respectively.
#

include("compat.inc");

if (description)
{
  script_id(43786);
  script_version("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:05");

  script_cve_id("CVE-2008-6552");
  script_bugtraq_id(32179);
  script_xref(name:"RHSA", value:"2009:1337");

  script_name(english:"CentOS 5 : gfs2-utils (CESA-2009:1337)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated gfs2-utils package that fixes multiple security issues and
various bugs is now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

The gfs2-utils package provides the user-space tools necessary to
mount, create, maintain, and test GFS2 file systems.

Multiple insecure temporary file use flaws were discovered in GFS2
user level utilities. A local attacker could use these flaws to
overwrite an arbitrary file writable by a victim running those
utilities (typically root) with the output of the utilities via a
symbolic link attack. (CVE-2008-6552)

This update also fixes the following bugs :

* gfs2_fsck now properly detects and repairs problems with sequence
  numbers on GFS2 file systems.
* GFS2 user utilities now use the file system UUID.
* gfs2_grow now properly updates the file system size during
  operation.
* gfs2_fsck now returns the proper exit codes.
* gfs2_convert now properly frees blocks when removing free blocks up
  to height 2.
* the gfs2_fsck manual page has been renamed to fsck.gfs2 to match
  current standards.
* the 'gfs2_tool df' command now provides human-readable output.
* mounting GFS2 file systems with the noatime or noquota option now
  works properly.
* new capabilities have been added to the gfs2_edit tool to help in
  testing and debugging GFS and GFS2 issues.
* the 'gfs2_tool df' command no longer segfaults on file systems with
  a block size other than 4k.
* the gfs2_grow manual page no longer references the '-r' option,
  which has been removed.
* the 'gfs2_tool unfreeze' command no longer hangs during use.
* gfs2_convert no longer corrupts file systems when converting from
  GFS to GFS2.
* gfs2_fsck no longer segfaults when encountering a block which is
  listed as both a data and stuffed directory inode.
* gfs2_fsck can now fix file systems even if the journal is already
  locked for use.
* a GFS2 file system's metadata is now properly copied with
  'gfs2_edit savemeta' and 'gfs2_edit restoremeta'.
* the gfs2_edit savemeta function now properly saves blocks of type 2.
* 'gfs2_convert -vy' now works properly on the PowerPC architecture.
* when mounting a GFS2 file system as '/', mount_gfs2 no longer fails
  after being unable to find the file system in '/proc/mounts'.
* gfs2_fsck no longer segfaults when fixing 'EA leaf block type'
  problems.

All gfs2-utils users should upgrade to this updated package, which
resolves these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-September/016151.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1d9349fa"
  );
  # https://lists.centos.org/pipermail/centos-announce/2009-September/016152.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?77d21c89"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gfs2-utils package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gfs2-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-5", reference:"gfs2-utils-0.1.62-1.el5")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gfs2-utils");
}
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2008-9458.NASL
description: A major code audit did show several unsecure use of /tmp. This update addresses those issues across the whole code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 34716
published: 2008-11-07
reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/34716
title: Fedora 9 : cman-2.03.09-1.fc9 / gfs2-utils-2.03.09-1.fc9 / rgmanager-2.03.09-1.fc9 (2008-9458)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-9458.
#

include("compat.inc");

if (description)
{
  script_id(34716);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:28");

  script_cve_id("CVE-2008-6552", "CVE-2008-6560");
  script_xref(name:"FEDORA", value:"2008-9458");

  script_name(english:"Fedora 9 : cman-2.03.09-1.fc9 / gfs2-utils-2.03.09-1.fc9 / rgmanager-2.03.09-1.fc9 (2008-9458)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A major code audit did show several unsecure use of /tmp. This update
addresses those issues across the whole code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=468966"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016030.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3e6a0e77"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016031.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0706c0b0"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016032.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cbb33b3f"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected cman, gfs2-utils and / or rgmanager packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_cwe_id(59, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gfs2-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rgmanager");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC9", reference:"cman-2.03.09-1.fc9")) flag++;
if (rpm_check(release:"FC9", reference:"gfs2-utils-2.03.09-1.fc9")) flag++;
if (rpm_check(release:"FC9", reference:"rgmanager-2.03.09-1.fc9")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cman / gfs2-utils / rgmanager");
}
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-1337.NASL
description: An updated gfs2-utils package that fixes multiple security issues and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The gfs2-utils package provides the user-space tools necessary to mount, create, maintain, and test GFS2 file systems. Multiple insecure temporary file use flaws were discovered in GFS2 user level utilities. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-6552) This update also fixes the following bugs : * gfs2_fsck now properly detects and repairs problems with sequence numbers on GFS2 file systems. * GFS2 user utilities now use the file system UUID. * gfs2_grow now properly updates the file system size during operation. * gfs2_fsck now returns the proper exit codes. * gfs2_convert now properly frees blocks when removing free blocks up to height 2. * the gfs2_fsck manual page has been renamed to fsck.gfs2 to match current standards. * the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40839
published: 2009-09-02
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40839
title: RHEL 5 : gfs2-utils (RHSA-2009:1337)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2009:1337. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(40839);
  script_version ("1.22");
  script_cvs_date("Date: 2019/10/25 13:36:14");

  script_cve_id("CVE-2008-6552");
  script_bugtraq_id(32179);
  script_xref(name:"RHSA", value:"2009:1337");

  script_name(english:"RHEL 5 : gfs2-utils (RHSA-2009:1337)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated gfs2-utils package that fixes multiple security issues and
various bugs is now available for Red Hat Enterprise Linux 5.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

The gfs2-utils package provides the user-space tools necessary to
mount, create, maintain, and test GFS2 file systems.

Multiple insecure temporary file use flaws were discovered in GFS2
user level utilities. A local attacker could use these flaws to
overwrite an arbitrary file writable by a victim running those
utilities (typically root) with the output of the utilities via a
symbolic link attack. (CVE-2008-6552)

This update also fixes the following bugs :

* gfs2_fsck now properly detects and repairs problems with sequence
  numbers on GFS2 file systems.
* GFS2 user utilities now use the file system UUID.
* gfs2_grow now properly updates the file system size during
  operation.
* gfs2_fsck now returns the proper exit codes.
* gfs2_convert now properly frees blocks when removing free blocks up
  to height 2.
* the gfs2_fsck manual page has been renamed to fsck.gfs2 to match
  current standards.
* the 'gfs2_tool df' command now provides human-readable output.
* mounting GFS2 file systems with the noatime or noquota option now
  works properly.
* new capabilities have been added to the gfs2_edit tool to help in
  testing and debugging GFS and GFS2 issues.
* the 'gfs2_tool df' command no longer segfaults on file systems with
  a block size other than 4k.
* the gfs2_grow manual page no longer references the '-r' option,
  which has been removed.
* the 'gfs2_tool unfreeze' command no longer hangs during use.
* gfs2_convert no longer corrupts file systems when converting from
  GFS to GFS2.
* gfs2_fsck no longer segfaults when encountering a block which is
  listed as both a data and stuffed directory inode.
* gfs2_fsck can now fix file systems even if the journal is already
  locked for use.
* a GFS2 file system's metadata is now properly copied with
  'gfs2_edit savemeta' and 'gfs2_edit restoremeta'.
* the gfs2_edit savemeta function now properly saves blocks of type 2.
* 'gfs2_convert -vy' now works properly on the PowerPC architecture.
* when mounting a GFS2 file system as '/', mount_gfs2 no longer fails
  after being unable to find the file system in '/proc/mounts'.
* gfs2_fsck no longer segfaults when fixing 'EA leaf block type'
  problems.

All gfs2-utils users should upgrade to this updated package, which
resolves these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-6552"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2009:1337"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gfs2-utils package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gfs2-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/03/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2009:1337";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"gfs2-utils-0.1.62-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"gfs2-utils-0.1.62-1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"gfs2-utils-0.1.62-1.el5")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gfs2-utils");
  }
}
NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-875-1.NASL
description: Multiple insecure temporary file handling vulnerabilities were discovered in Red Hat Cluster. A local attacker could exploit these to overwrite arbitrary local files via symlinks. (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580, CVE-2008-6552) It was discovered that CMAN did not properly handle malformed configuration files. An attacker could cause a denial of service (via CPU consumption and memory corruption) in a node if the attacker were able to modify the cluster configuration for the node. (CVE-2008-6560). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43368
published: 2009-12-21
reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/43368
title: Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : redhat-cluster, redhat-cluster-suite vulnerabilities (USN-875-1)
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-875-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");

if (description)
{
  script_id(43368);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:33:03");

  script_cve_id("CVE-2008-4192", "CVE-2008-4579", "CVE-2008-4580", "CVE-2008-6552", "CVE-2008-6560");
  script_bugtraq_id(30898, 31904, 32179, 37416);
  script_xref(name:"USN", value:"875-1");

  script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : redhat-cluster, redhat-cluster-suite vulnerabilities (USN-875-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple insecure temporary file handling vulnerabilities were
discovered in Red Hat Cluster. A local attacker could exploit these to
overwrite arbitrary local files via symlinks. (CVE-2008-4192,
CVE-2008-4579, CVE-2008-4580, CVE-2008-6552)

It was discovered that CMAN did not properly handle malformed
configuration files. An attacker could cause a denial of service (via
CPU consumption and memory corruption) in a node if the attacker were
able to modify the cluster configuration for the node. (CVE-2008-6560).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/875-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(59, 119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ccs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fence");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:fence-gnbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gfs-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gfs2-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnbd-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnbd-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gulm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libccs-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libccs-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libccs3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcman-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcman1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcman2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcman3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdlm-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdlm1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdlm2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdlm3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdlmcontrol-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdlmcontrol3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfence-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libfence3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgulm-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgulm1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libiddev-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagma-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagma1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:magma");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:magma-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:redhat-cluster-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:redhat-cluster-suite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:redhat-cluster-suite-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:rgmanager");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/12/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

# Local (credentialed) check: needs the release string and the dpkg -l listing.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|8\.04|8\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

# Each ubuntu_check() returns true when the named package is installed on
# that release at a version older than the patched one; flag counts hits.
flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"ccs", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"cman", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"fence", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"fence-gnbd", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"gfs-tools", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"gnbd-client", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"gnbd-server", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"gulm", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libccs-dev", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcman-dev", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libcman1", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libdlm-dev", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libdlm1", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libgulm-dev", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libgulm1", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libiddev-dev", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libmagma-dev", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libmagma1", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"magma", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"magma-plugins", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"redhat-cluster-suite", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"redhat-cluster-suite-source", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"rgmanager", pkgver:"1.20060222-0ubuntu6.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"cman", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"gfs-tools", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"gfs2-tools", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"gnbd-client", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"gnbd-server", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libcman-dev", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libcman2", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libdlm-dev", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libdlm2", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"redhat-cluster-source", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"redhat-cluster-suite", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"rgmanager", pkgver:"2.20080227-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"cman", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"gfs-tools", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"gfs2-tools", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"gnbd-client", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"gnbd-server", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libccs-dev", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libccs-perl", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libccs3", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libcman-dev", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libcman3", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libdlm-dev", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libdlm3", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libdlmcontrol-dev", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libdlmcontrol3", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libfence-dev", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"libfence3", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"redhat-cluster-source", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"redhat-cluster-suite", pkgver:"2.20080826-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.10", pkgname:"rgmanager", pkgver:"2.20080826-0ubuntu1.3")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ccs / cman / fence / fence-gnbd / gfs-tools / gfs2-tools / etc");
}
NASL family: Scientific Linux Local Security Checks
NASL id: SL_20110216_CCS_ON_SL4_X.NASL
description: An insecure temporary file use flaw was found in ccs_tool. A local attacker could use this flaw to conduct a symbolic link attack, allowing them to overwrite (with the output of ccs_tool) an arbitrary file writable by the victim running ccs_tool. (CVE-2008-6552)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60957
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60957
title: Scientific Linux Security Update : ccs on SL4.x i386/x86_64
code:
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include("compat.inc");

if (description)
{
  script_id(60957);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:19");

  script_cve_id("CVE-2008-6552");

  script_name(english:"Scientific Linux Security Update : ccs on SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An insecure temporary file use flaw was found in ccs_tool. A local
attacker could use this flaw to conduct a symbolic link attack,
allowing them to overwrite (with the output of ccs_tool) an arbitrary
file writable by the victim running ccs_tool. (CVE-2008-6552)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1102&L=scientific-linux-errata&T=0&P=2458
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5e10a113"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ccs and / or ccs-devel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(59);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Local (credentialed) check: needs the release string and the rpm listing.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

# rpm_check() is true when the installed ccs / ccs-devel is older than the fixed build.
flag = 0;
if (rpm_check(release:"SL4", reference:"ccs-1.0.13-2")) flag++;
if (rpm_check(release:"SL4", reference:"ccs-devel-1.0.13-2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Scientific Linux Local Security Checks
NASL id: SL_20090902_CMAN_ON_SL5_X.NASL
description: Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552) Bug fixes :
- a buffer could overflow if cluster.conf had more than 52 entries per block inside the <cman> block. The limit is now 1024.
- the output of the group_tool dump subcommands were NULL padded.
- using device=
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60650
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60650
title: Scientific Linux Security Update : cman on SL5.x i386/x86_64

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-1341.NASL
description: Updated cman packages that fix several security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. The Cluster Manager (cman) utility provides services for managing a Linux cluster. Multiple insecure temporary file use flaws were found in fence_apc_snmp and ccs_tool. A local attacker could use these flaws to overwrite an arbitrary file writable by a victim running those utilities (typically root) with the output of the utilities via a symbolic link attack. (CVE-2008-4579, CVE-2008-6552) Bug fixes :
* a buffer could overflow if cluster.conf had more than 52 entries per block inside the <cman> block. The limit is now 1024.
* the output of the group_tool dump subcommands were NULL padded.
* using device=
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43788
published: 2010-01-06
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/43788
title: CentOS 5 : cman (CESA-2009:1341)
Oval
accepted: 2013-04-29T04:13:50.444-04:00
class: vulnerability
contributors:
definition_extensions:
description: Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.
family: unix
id: oval:org.mitre.oval:def:11404
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Red Hat Cluster Project 2.x allows local users to modify or overwrite arbitrary files via symlink attacks on files in /tmp, involving unspecified components in Resource Group Manager (aka rgmanager) before 2.03.09-1, gfs2-utils before 2.03.09-1, and CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9.
version: 18
Redhat
advisories:
rpms:
References
- http://osvdb.org/50299
- http://osvdb.org/50300
- http://osvdb.org/50301
- http://rhn.redhat.com/errata/RHSA-2009-1337.html
- http://secunia.com/advisories/32602
- http://secunia.com/advisories/32616
- http://secunia.com/advisories/36530
- http://secunia.com/advisories/36555
- http://secunia.com/advisories/43367
- http://secunia.com/advisories/43372
- http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00163.html
- http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00164.html
- http://www.redhat.com/archives/fedora-package-announce/2008-November/msg00165.html
- http://www.redhat.com/support/errata/RHSA-2009-1339.html
- http://www.redhat.com/support/errata/RHSA-2009-1341.html
- http://www.redhat.com/support/errata/RHSA-2011-0264.html
- http://www.redhat.com/support/errata/RHSA-2011-0265.html
- http://www.securityfocus.com/bid/32179
- http://www.ubuntu.com/usn/USN-875-1
- http://www.vupen.com/english/advisories/2011/0416
- http://www.vupen.com/english/advisories/2011/0417
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46412
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11404