Vulnerabilities > CVE-2010-5312 - Cross-site Scripting vulnerability in multiple products

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:1462 and 
# Oracle Linux Security Advisory ELSA-2015-1462 respectively.
#

include("compat.inc");

if (description)
{
  script_id(85113);
  script_version("2.7");
  script_cvs_date("Date: 2019/09/27 13:00:36");

  script_cve_id("CVE-2010-5312", "CVE-2012-6662");
  script_bugtraq_id(71106, 71107);
  script_xref(name:"RHSA", value:"2015:1462");

  script_name(english:"Oracle Linux 6 : ipa (ELSA-2015-1462)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2015:1462 :

Updated ipa packages that fix two security issues and several bugs are
now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat Identity Management (IdM) is a centralized authentication,
identity management, and authorization solution for both traditional
and cloud-based enterprise environments.

Two cross-site scripting (XSS) flaws were found in jQuery, which
impacted the Identity Management web administrative interface, and
could allow an authenticated user to inject arbitrary HTML or web
script into the interface. (CVE-2010-5312, CVE-2012-6662)

Note: The IdM version provided by this update no longer uses jQuery.

Bug fixes :

* The ipa-server-install, ipa-replica-install, and ipa-client-install
utilities are not supported on machines running in FIPS-140 mode.
Previously, IdM did not warn users about this. Now, IdM does not allow
running the utilities in FIPS-140 mode, and displays an explanatory
message. (BZ#1131571)

* If an Active Directory (AD) server was specified or discovered
automatically when running the ipa-client-install utility, the utility
produced a traceback instead of informing the user that an IdM server
is expected in this situation. Now, ipa-client-install detects the AD
server and fails with an explanatory message. (BZ#1132261)

* When IdM servers were configured to require the TLS protocol version
1.1 (TLSv1.1) or later in the httpd server, the ipa utility failed.
With this update, running ipa works as expected with TLSv1.1 or later.
(BZ#1154687)

* In certain high-load environments, the Kerberos authentication step
of the IdM client installer can fail. Previously, the entire client
installation failed in this situation. This update modifies
ipa-client-install to prefer the TCP protocol over the UDP protocol
and to retry the authentication attempt in case of failure.
(BZ#1161722)

* If ipa-client-install updated or created the /etc/nsswitch.conf
file, the sudo utility could terminate unexpectedly with a
segmentation fault. Now, ipa-client-install puts a new line character
at the end of nsswitch.conf if it modifies the last line of the file,
fixing this bug. (BZ#1185207)

* The ipa-client-automount utility failed with the
'UNWILLING_TO_PERFORM' LDAP error when the nsslapd-minssf Red Hat
Directory Server configuration parameter was set to '1'. This update
modifies ipa-client-automount to use encrypted connection for LDAP
searches by default, and the utility now finishes successfully even
with nsslapd-minssf specified. (BZ#1191040)

* If installing an IdM server failed after the Certificate Authority
(CA) installation, the 'ipa-server-install --uninstall' command did
not perform a proper cleanup. After the user issued
'ipa-server-install --uninstall' and then attempted to install the
server again, the installation failed. Now, 'ipa-server-install
--uninstall' removes the CA-related files in the described situation,
and ipa-server-install no longer fails with the mentioned error
message. (BZ#1198160)

* Running ipa-client-install added the 'sss' entry to the sudoers line
in nsswitch.conf even if 'sss' was already configured and the entry
was present in the file. Duplicate 'sss' then caused sudo to become
unresponsive. Now, ipa-client-install no longer adds 'sss' if it is
already present in nsswitch.conf. (BZ#1198339)

* After running ipa-client-install, it was not possible to log in
using SSH under certain circumstances. Now, ipa-client-install no
longer corrupts the sshd_config file, and the sshd service can start
as expected, and logging in using SSH works in the described
situation. (BZ#1201454)

* An incorrect definition of the dc attribute in the
/usr/share/ipa/05rfc2247.ldif file caused bogus error messages to be
returned during migration. The attribute has been fixed, but the bug
persists if the copy-schema-to-ca.py script was run on Red Hat
Enterprise Linux 6.6 prior to running it on Red Hat Enterprise Linux
6.7. To work around this problem, manually copy
/usr/share/ipa/schema/05rfc2247.ldif to
/etc/dirsrv/slapd-PKI-IPA/schema/ and restart IdM. (BZ#1220788)

All ipa users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2015-July/005239.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected ipa packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-admintools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server-selinux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ipa-server-trust-ad");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL6", reference:"ipa-admintools-3.0.0-47.el6")) flag++;
if (rpm_check(release:"EL6", reference:"ipa-client-3.0.0-47.el6")) flag++;
if (rpm_check(release:"EL6", reference:"ipa-python-3.0.0-47.el6")) flag++;
if (rpm_check(release:"EL6", reference:"ipa-server-3.0.0-47.el6")) flag++;
if (rpm_check(release:"EL6", reference:"ipa-server-selinux-3.0.0-47.el6")) flag++;
if (rpm_check(release:"EL6", reference:"ipa-server-trust-ad-3.0.0-47.el6")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipa-admintools / ipa-client / ipa-python / ipa-server / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3249. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(83235);
  script_version("2.4");
  script_cvs_date("Date: 2018/11/10 11:49:37");

  script_cve_id("CVE-2010-5312");
  script_bugtraq_id(71106);
  script_xref(name:"DSA", value:"3249");

  script_name(english:"Debian DSA-3249-1 : jqueryui - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Shadowman131 discovered that jqueryui, a JavaScript UI library for
dynamic web applications, failed to properly sanitize its
'title'option. This would allow a remote attacker to inject arbitrary
code through cross-site scripting."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/jqueryui"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/jqueryui"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3249"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the jqueryui packages.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.8.ooops.21+dfsg-2+deb7u1.

For the stable distribution (jessie), testing distribution (stretch)
and unstable distribution (sid), this problem has been fixed in
version 1.10.1+dfsg-1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:jqueryui");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/05/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"libjs-jquery-ui", reference:"1.8.ooops.21+dfsg-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libjs-jquery-ui-docs", reference:"1.8.ooops.21+dfsg-2+deb7u1")) flag++;
if (deb_check(release:"8.0", prefix:"libjs-jquery-ui", reference:"1.10.1+dfsg-1")) flag++;
if (deb_check(release:"8.0", prefix:"libjs-jquery-ui-docs", reference:"1.10.1+dfsg-1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2015:0442 and 
# CentOS Errata and Security Advisory 2015:0442 respectively.
#

include("compat.inc");

if (description)
{
  script_id(81897);
  script_version("1.7");
  script_cvs_date("Date: 2020/01/02");

  script_cve_id("CVE-2010-5312", "CVE-2012-6662");
  script_xref(name:"RHSA", value:"2015:0442");

  script_name(english:"CentOS 7 : ipa (CESA-2015:0442)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated ipa packages that fix two security issues, several bugs, and
add various enhancements are now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat Identity Management (IdM) is a centralized authentication,
identity management, and authorization solution for both traditional
and cloud-based enterprise environments.

Two cross-site scripting (XSS) flaws were found in jQuery, which
impacted the Identity Management web administrative interface, and
could allow an authenticated user to inject arbitrary HTML or web
script into the interface. (CVE-2010-5312, CVE-2012-6662)

Note: The IdM version provided by this update no longer uses jQuery.

This update adds several enhancements that are described in more
detail in the Red Hat Enterprise Linux 7.1 Release Notes, linked to in
the References section, including :

* Added the 'ipa-cacert-manage' command, which renews the
Certification Authority (CA) file. (BZ#886645)

* Added the ID Views feature. (BZ#891984)

* IdM now supports using one-time password (OTP) authentication and
allows gradual migration from proprietary OTP solutions to the IdM OTP
solution. (BZ#919228)

* Added the 'ipa-backup' and 'ipa-restore' commands to allow manual
backups. (BZ#951581)

* Added a solution for regulating access permissions to specific
sections of the IdM server. (BZ#976382)

This update also fixes several bugs, including :

* Previously, when IdM servers were configured to require the
Transport Layer Security protocol version 1.1 (TLSv1.1) or later in
the httpd server, the 'ipa' command-line utility failed. With this
update, running 'ipa' works as expected with TLSv1.1 or later.
(BZ#1156466)

In addition, this update adds multiple enhancements, including :

* The 'ipa-getkeytab' utility can now optionally fetch existing
keytabs from the KDC. Previously, retrieving an existing keytab was
not supported, as the only option was to generate a new key.
(BZ#1007367)

* You can now create and manage a '.' root zone on IdM servers. DNS
queries sent to the IdM DNS server use this configured zone instead of
the public zone. (BZ#1056202)

* The IdM server web UI has been updated and is now based on the
Patternfly framework, offering better responsiveness. (BZ#1108212)

* A new user attribute now enables provisioning systems to add custom
tags for user objects. The tags can be used for automember rules or
for additional local interpretation. (BZ#1108229)

* This update adds a new DNS zone type to ensure that forward and
master zones are better separated. As a result, the IdM DNS interface
complies with the forward zone semantics in BIND. (BZ#1114013)

* This update adds a set of Apache modules that external applications
can use to achieve tighter interaction with IdM beyond simple
authentication. (BZ# 1107555)

* IdM supports configuring automember rules for automated assignment
of users or hosts in respective groups according to their
characteristics, such as the 'userClass' or 'departmentNumber'
attributes. Previously, the rules could be applied only to new
entries. This update allows applying the rules also to existing users
or hosts. (BZ#1108226)

* The extdom plug-in translates Security Identifiers (SIDs) of Active
Directory (AD) users and groups to names and POSIX IDs. With this
update, extdom returns the full member list for groups and the full
list of group memberships for a user, the GECOS field, the home
directory, as well as the login shell of a user. Also, an optional
list of key-value pairs contains the SID of the requested object if
the SID is available. (BZ#1030699)

All ipa users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements."
  );
  # https://lists.centos.org/pipermail/centos-cr-announce/2015-March/001594.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6cfcd67b"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected ipa packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-5312");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-admintools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipa-server-trust-ad");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ipa-admintools-4.1.0-18.el7.centos")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ipa-client-4.1.0-18.el7.centos")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ipa-python-4.1.0-18.el7.centos")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ipa-server-4.1.0-18.el7.centos")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"ipa-server-trust-ad-4.1.0-18.el7.centos")) flag++;


if (flag)
{
  cr_plugin_caveat = '\n' +
    'NOTE: The security advisory associated with this vulnerability has a\n' +
    'fixed package version that may only be available in the continuous\n' +
    'release (CR) repository for CentOS, until it is present in the next\n' +
    'point release of CentOS.\n\n' +

    'If an equal or higher package level does not exist in the baseline\n' +
    'repository for your major version of CentOS, then updates from the CR\n' +
    'repository will need to be applied in order to address the\n' +
    'vulnerability.\n';
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get() + cr_plugin_caveat
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipa-admintools / ipa-client / ipa-python / ipa-server / etc");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2014-16048.
#

include("compat.inc");

if (description)
{
  script_id(79909);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2010-5312");
  script_bugtraq_id(71106);
  script_xref(name:"FEDORA", value:"2014-16048");

  script_name(english:"Fedora 20 : couchdb-1.6.1-4.fc20 (2014-16048)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Fix CVE-2010-5312 couchdb: jquery-ui: XSS vulnerability
    in jQuery.ui.dialog title option (rhbz #1166767)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1166041"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145767.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a8e97622"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected couchdb package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:couchdb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"couchdb-1.6.1-4.fc20")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "couchdb");
}