Vulnerabilities > CVE-2011-1677 - Unspecified vulnerability in Linux Util-Linux

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:0307 and 
# Oracle Linux Security Advisory ELSA-2012-0307 respectively.
#

include("compat.inc");

if (description)
{
  script_id(68478);
  script_version("1.7");
  script_cvs_date("Date: 2019/09/30 10:58:17");

  script_cve_id("CVE-2011-1675", "CVE-2011-1677");
  script_bugtraq_id(50941);
  script_xref(name:"RHSA", value:"2012:0307");

  script_name(english:"Oracle Linux 5 : util-linux (ELSA-2012-0307)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2012:0307 :

An updated util-linux package that fixes multiple security issues,
various bugs, and adds two enhancements is now available for Red Hat
Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, util-linux contains the fdisk configuration tool and the login
program.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use
these flaws to corrupt the mtab file and create a stale lock file,
preventing other users from mounting and unmounting file systems.
(CVE-2011-1675, CVE-2011-1677)

This update also fixes the following bugs :

* When the user logged into a telnet server, the login utility did not
update the utmp database properly if the utility was executed from the
telnetd daemon. This was due to telnetd not creating an appropriate
entry in a utmp file before executing login. With this update, correct
entries are created and the database is updated properly. (BZ#646300)

* Various options were not described on the blockdev(8) manual page.
With this update, the blockdev(8) manual page includes all the
relevant options. (BZ#650937)

* Prior to this update, the build process of the util-linux package
failed in the po directory with the following error message:
'@MKINSTALLDIRS@: No such file or directory'. An upstream patch has
been applied to address this issue, and the util-linux package now
builds successfully. (BZ#677452)

* Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an
invalid option, '-b'. With this update, only valid options are listed
on those manual pages. (BZ#678407)

* Previously, the mount(8) manual page contained incomplete
information about the ext4 and XFS file systems. With this update, the
mount(8) manual page contains the missing information. (BZ#699639)

In addition, this update adds the following enhancements :

* Previously, if DOS mode was enabled on a device, the fdisk utility
could report error messages similar to the following :

Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(0, 1, 1) logical=(0, 2, 7)

This update enables users to switch off DOS compatible mode (by
specifying the '-c' option), and such error messages are no longer
displayed. (BZ#678430)

* This update adds the 'fsfreeze' command which halts access to a file
system on a disk. (BZ#726572)

All users of util-linux are advised to upgrade to this updated
package, which contains backported patches to correct these issues and
add these enhancements."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2012-March/002658.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected util-linux package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:util-linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL5", reference:"util-linux-2.13-0.59.0.1.el5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2012:0307. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(58061);
  script_version ("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/15");

  script_cve_id("CVE-2011-1675", "CVE-2011-1677");
  script_bugtraq_id(50941);
  script_xref(name:"RHSA", value:"2012:0307");

  script_name(english:"RHEL 5 : util-linux (RHSA-2012:0307)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An updated util-linux package that fixes multiple security issues,
various bugs, and adds two enhancements is now available for Red Hat
Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, util-linux contains the fdisk configuration tool and the login
program.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use
these flaws to corrupt the mtab file and create a stale lock file,
preventing other users from mounting and unmounting file systems.
(CVE-2011-1675, CVE-2011-1677)

This update also fixes the following bugs :

* When the user logged into a telnet server, the login utility did not
update the utmp database properly if the utility was executed from the
telnetd daemon. This was due to telnetd not creating an appropriate
entry in a utmp file before executing login. With this update, correct
entries are created and the database is updated properly. (BZ#646300)

* Various options were not described on the blockdev(8) manual page.
With this update, the blockdev(8) manual page includes all the
relevant options. (BZ#650937)

* Prior to this update, the build process of the util-linux package
failed in the po directory with the following error message:
'@MKINSTALLDIRS@: No such file or directory'. An upstream patch has
been applied to address this issue, and the util-linux package now
builds successfully. (BZ#677452)

* Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an
invalid option, '-b'. With this update, only valid options are listed
on those manual pages. (BZ#678407)

* Previously, the mount(8) manual page contained incomplete
information about the ext4 and XFS file systems. With this update, the
mount(8) manual page contains the missing information. (BZ#699639)

In addition, this update adds the following enhancements :

* Previously, if DOS mode was enabled on a device, the fdisk utility
could report error messages similar to the following :

Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(0, 1, 1) logical=(0, 2, 7)

This update enables users to switch off DOS compatible mode (by
specifying the '-c' option), and such error messages are no longer
displayed. (BZ#678430)

* This update adds the 'fsfreeze' command which halts access to a file
system on a disk. (BZ#726572)

All users of util-linux are advised to upgrade to this updated
package, which contains backported patches to correct these issues and
add these enhancements."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2012:0307"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-1677"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-1675"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected util-linux and / or util-linux-debuginfo packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2012:0307";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"util-linux-2.13-0.59.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"util-linux-2.13-0.59.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"util-linux-2.13-0.59.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"util-linux-debuginfo-2.13-0.59.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"util-linux-debuginfo-2.13-0.59.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"util-linux-debuginfo-2.13-0.59.el5")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux / util-linux-debuginfo");
  }
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2011:1691. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(57019);
  script_version ("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:16");

  script_cve_id("CVE-2011-1675", "CVE-2011-1677");
  script_xref(name:"RHSA", value:"2011:1691");

  script_name(english:"RHEL 6 : util-linux-ng (RHSA-2011:1691)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated util-linux-ng packages that fix multiple security issues,
several bugs, and add various enhancements are now available for Red
Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The util-linux-ng packages contain a large variety of low-level system
utilities that are necessary for a Linux operating system to function.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use
these flaws to corrupt the mtab file and create a stale lock file,
preventing other users from mounting and unmounting file systems.
(CVE-2011-1675, CVE-2011-1677)

This update also fixes the following bugs :

* Due to a hard-coded limit of 128 devices, an attempt to run the
'blkid -c' command on more than 128 devices caused blkid to terminate
unexpectedly. This update increases the maximum number of devices to
8192 so that blkid no longer crashes in this scenario. (BZ#675999)

* Previously, the 'swapon -a' command did not detect device-mapper
devices that were already in use. This update corrects the swapon
utility to detect such devices as expected. (BZ#679741)

* Prior to this update, the presence of an invalid line in the
/etc/fstab file could cause the umount utility to terminate
unexpectedly with a segmentation fault. This update applies a patch
that corrects this error so that umount now correctly reports invalid
lines and no longer crashes. (BZ#684203)

* Previously, an attempt to use the wipefs utility on a partitioned
device caused the utility to terminate unexpectedly with an error.
This update adapts wipefs to only display a warning message in this
situation. (BZ#696959)

* When providing information on interprocess communication (IPC)
facilities, the ipcs utility could previously display a process owner
as a negative number if the user's UID was too large. This update
adapts the underlying source code to make sure the UID values are now
displayed correctly. (BZ#712158)

* In the installation scriptlets, the uuidd package uses the chkconfig
utility to enable and disable the uuidd service. Previously, this
package did not depend on the chkconfig package, which could lead to
errors during installation if chkconfig was not installed. This update
adds chkconfig to the list of dependencies so that such errors no
longer occur. (BZ#712808)

* The previous version of the /etc/udev/rules.d/60-raw.rules file
contained a statement that both this file and raw devices are
deprecated. This is no longer true and the Red Hat Enterprise Linux
kernel supports this functionality. With this update, the
aforementioned file no longer contains this incorrect statement.
(BZ#716995)

* Previously, an attempt to use the cfdisk utility to read the default
Red Hat Enterprise Linux 6 partition layout failed with an error. This
update corrects this error and the cfdisk utility can now read the
default partition layout as expected. (BZ#723352)

* The previous version of the tailf(1) manual page incorrectly stated
that users can use the '--lines=NUMBER' command line option to limit
the number of displayed lines. However, the tailf utility does not
allow the use of the equals sign (=) between the option and its
argument. This update corrects this error. (BZ#679831)

* The fstab(5) manual page has been updated to clarify that empty
lines in the /etc/fstab configuration file are ignored. (BZ#694648)

As well, this update adds the following enhancements :

* A new fstrim utility has been added to the package. This utility
allows the root user to discard unused blocks on a mounted file
system. (BZ#692119)

* The login utility has been updated to provide support for failed
login attempts that are reported by PAM. (BZ#696731)

* The lsblk utility has been updated to provide additional information
about the topology and status of block devices. (BZ#723638)

* The agetty utility has been updated to pass the hostname to the
login utility. (BZ#726092)

All users of util-linux-ng are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and
add these enhancements."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-1675"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-1677"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2011:1691"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libblkid");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libblkid-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libuuid");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libuuid-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux-ng");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux-ng-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:uuidd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2011:1691";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"libblkid-2.17.2-12.4.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"libblkid-devel-2.17.2-12.4.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"libuuid-2.17.2-12.4.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"libuuid-devel-2.17.2-12.4.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"util-linux-ng-2.17.2-12.4.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"util-linux-ng-debuginfo-2.17.2-12.4.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"uuidd-2.17.2-12.4.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"uuidd-2.17.2-12.4.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"uuidd-2.17.2-12.4.el6")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libblkid / libblkid-devel / libuuid / libuuid-devel / util-linux-ng / etc");
  }
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(61200);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:20");

  script_cve_id("CVE-2011-1675", "CVE-2011-1677");

  script_name(english:"Scientific Linux Security Update : util-linux-ng on SL6.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The util-linux-ng packages contain a large variety of low-level system
utilities that are necessary for a Linux operating system to function.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use
these flaws to corrupt the mtab file and create a stale lock file,
preventing other users from mounting and unmounting file systems.
(CVE-2011-1675, CVE-2011-1677)

This update also fixes the following bugs :

  - Due to a hard-coded limit of 128 devices, an attempt to
    run the 'blkid -c' command on more than 128 devices
    caused blkid to terminate unexpectedly. This update
    increases the maximum number of devices to 8192 so that
    blkid no longer crashes in this scenario.

  - Previously, the 'swapon -a' command did not detect
    device-mapper devices that were already in use. This
    update corrects the swapon utility to detect such
    devices as expected.

  - Prior to this update, the presence of an invalid line in
    the /etc/fstab file could cause the umount utility to
    terminate unexpectedly with a segmentation fault. This
    update applies a patch that corrects this error so that
    umount now correctly reports invalid lines and no longer
    crashes.

  - Previously, an attempt to use the wipefs utility on a
    partitioned device caused the utility to terminate
    unexpectedly with an error. This update adapts wipefs to
    only display a warning message in this situation.

  - When providing information on interprocess communication
    (IPC) facilities, the ipcs utility could previously
    display a process owner as a negative number if the
    user's UID was too large. This update adapts the
    underlying source code to make sure the UID values are
    now displayed correctly.

  - In the installation scriptlets, the uuidd package uses
    the chkconfig utility to enable and disable the uuidd
    service. Previously, this package did not depend on the
    chkconfig package, which could lead to errors during
    installation if chkconfig was not installed. This update
    adds chkconfig to the list of dependencies so that such
    errors no longer occur.

  - The previous version of the
    /etc/udev/rules.d/60-raw.rules file contained a
    statement that both this file and raw devices are
    deprecated. This is no longer true and the Scientific
    Linux kernel supports this functionality. With this
    update, the aforementioned file no longer contains this
    incorrect statement.

  - Previously, an attempt to use the cfdisk utility to read
    the default Scientific Linux 6 partition layout failed
    with an error. This update corrects this error and the
    cfdisk utility can now read the default partition layout
    as expected.

  - The previous version of the tailf(1) manual page
    incorrectly stated that users can use the
    '--lines=NUMBER' command line option to limit the number
    of displayed lines. However, the tailf utility does not
    allow the use of the equals sign (=) between the option
    and its argument. This update corrects this error.

  - The fstab(5) manual page has been updated to clarify
    that empty lines in the /etc/fstab configuration file
    are ignored.

As well, this update adds the following enhancements :

  - A new fstrim utility has been added to the package. This
    utility allows the root user to discard unused blocks on
    a mounted file system.

  - The login utility has been updated to provide support
    for failed login attempts that are reported by PAM.

  - The lsblk utility has been updated to provide additional
    information about the topology and status of block
    devices.

  - The agetty utility has been updated to pass the hostname
    to the login utility.

All users of util-linux-ng are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and
add these enhancements."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=1321
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?fa33b746"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"libblkid-2.17.2-12.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"libblkid-devel-2.17.2-12.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"libuuid-2.17.2-12.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"libuuid-devel-2.17.2-12.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"util-linux-ng-2.17.2-12.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"util-linux-ng-debuginfo-2.17.2-12.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"uuidd-2.17.2-12.4.el6")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(61272);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2011-1675", "CVE-2011-1677");

  script_name(english:"Scientific Linux Security Update : util-linux on SL5.x i386/x86_64 (20120221)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, util-linux contains the fdisk configuration tool and the login
program.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use
these flaws to corrupt the mtab file and create a stale lock file,
preventing other users from mounting and unmounting file systems.
(CVE-2011-1675, CVE-2011-1677)

This update also fixes the following bugs :

  - When the user logged into a telnet server, the login
    utility did not update the utmp database properly if the
    utility was executed from the telnetd daemon. This was
    due to telnetd not creating an appropriate entry in a
    utmp file before executing login. With this update,
    correct entries are created and the database is updated
    properly.

  - Various options were not described on the blockdev(8)
    manual page. With this update, the blockdev(8) manual
    page includes all the relevant options.

  - Prior to this update, the build process of the
    util-linux package failed in the po directory with the
    following error message: '@MKINSTALLDIRS@: No such file
    or directory'. An upstream patch has been applied to
    address this issue, and the util-linux package now
    builds successfully.

  - Previously, the ipcs(1) and ipcrm(1) manual pages
    mentioned an invalid option, '-b'. With this update,
    only valid options are listed on those manual pages.

  - Previously, the mount(8) manual page contained
    incomplete information about the ext4 and XFS file
    systems. With this update, the mount(8) manual page
    contains the missing information.

In addition, this update adds the following enhancements :

  - Previously, if DOS mode was enabled on a device, the
    fdisk utility could report error messages similar to the
    following :

Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(0, 1, 1) logical=(0, 2, 7)

This update enables users to switch off DOS compatible mode (by
specifying the '-c' option), and such error messages are no longer
displayed.

  - This update adds the 'fsfreeze' command which halts
    access to a file system on a disk.

All users of util-linux are advised to upgrade to this updated
package, which contains backported patches to correct these issues and
add these enhancements."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=3164
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?82291f93"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected util-linux and / or util-linux-debuginfo packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:util-linux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:util-linux-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"util-linux-2.13-0.59.el5")) flag++;
if (rpm_check(release:"SL5", reference:"util-linux-debuginfo-2.13-0.59.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux / util-linux-debuginfo");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201405-15.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(74058);
  script_version("1.4");
  script_cvs_date("Date: 2018/12/05 20:31:22");

  script_cve_id("CVE-2011-1675", "CVE-2011-1676", "CVE-2011-1677", "CVE-2013-0157");
  script_bugtraq_id(50941, 57168);
  script_xref(name:"GLSA", value:"201405-15");

  script_name(english:"GLSA-201405-15 : util-linux: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201405-15
(util-linux: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in util-linux. Please
      review the CVE identifiers referenced below for details.
  
Impact :

    A local attacker may be able to cause a Denial of Service condition,
      trigger corruption of /etc/mtab, obtain sensitive information, or have
      other unspecified impact.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201405-15"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All util-linux users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=sys-apps/util-linux-2.22.2'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:util-linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"sys-apps/util-linux", unaffected:make_list("ge 2.22.2"), vulnerable:make_list("lt 2.22.2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2012:0168. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79283);
  script_version("1.11");
  script_cvs_date("Date: 2019/10/24 15:35:35");

  script_cve_id("CVE-2006-1168", "CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-4008", "CVE-2011-0216", "CVE-2011-1083", "CVE-2011-1089", "CVE-2011-1526", "CVE-2011-2716", "CVE-2011-2834", "CVE-2011-3638", "CVE-2011-3905", "CVE-2011-3919", "CVE-2011-4086", "CVE-2011-4109", "CVE-2011-4127", "CVE-2011-4347", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0028", "CVE-2012-0029", "CVE-2012-0207");
  script_bugtraq_id(51281, 51343, 51642);
  script_xref(name:"RHSA", value:"2012:0168");

  script_name(english:"RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An updated rhev-hypervisor5 package that fixes several security issues
and various bugs is now available.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The rhev-hypervisor5 package provides a Red Hat Enterprise
Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
(KVM) hypervisor. It includes everything necessary to run and manage
virtual machines: A subset of the Red Hat Enterprise Linux operating
environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available
for the Intel 64 and AMD64 architectures with virtualization
extensions.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000
network interface card. A privileged guest user in a virtual machine
whose network interface is configured to use the e1000 emulated driver
could use this flaw to crash the host or, possibly, escalate their
privileges on the host. (CVE-2012-0029)

A divide-by-zero flaw was found in the Linux kernel's
igmp_heard_query() function. An attacker able to send certain IGMP
(Internet Group Management Protocol) packets to a target system could
use this flaw to cause a denial of service. (CVE-2012-0207)

A double free flaw was discovered in the policy checking code in
OpenSSL. A remote attacker could use this flaw to crash an application
that uses OpenSSL by providing an X.509 certificate that has specially
crafted policy extension data. (CVE-2011-4109)

An information leak flaw was found in the SSL 3.0 protocol
implementation in OpenSSL. Incorrect initialization of SSL record
padding bytes could cause an SSL client or server to send a limited
amount of possibly sensitive data to its SSL peer via the encrypted
connection. (CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL
handshake restarts required to support Server Gated Cryptography. A
remote attacker could use this flaw to make a TLS/SSL server using
OpenSSL consume an excessive amount of CPU by continuously restarting
the handshake. (CVE-2011-4619)

Red Hat would like to thank Nicolae Mogoreanu for reporting
CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207.

This updated package provides updated components that include fixes
for various security issues. These issues have no security impact on
Red Hat Enterprise Virtualization Hypervisor itself, however. The
security fixes included in this update address the following CVE
numbers :

CVE-2006-1168 and CVE-2011-2716 (busybox issues)

CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc
issues)

CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and
CVE-2012-0028 (kernel issues)

CVE-2011-1526 (krb5 issue)

CVE-2011-4347 (kvm issue)

CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905,
CVE-2011-3919 and CVE-2011-1944 (libxml2 issues)

CVE-2011-1749 (nfs-utils issue)

CVE-2011-4108 (openssl issue)

CVE-2011-0010 (sudo issue)

CVE-2011-1675 and CVE-2011-1677 (util-linux issues)

CVE-2010-0424 (vixie-cron issue)

This updated rhev-hypervisor5 package fixes various bugs.
Documentation of these changes will be available shortly in the
Technical Notes document :

https://docs.redhat.com/docs/en-US/
Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes
/ index.html

Users of Red Hat Enterprise Virtualization Hypervisor are advised to
upgrade to this updated package, which fixes these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-4109"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-4576"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2011-4619"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0029"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-0207"
  );
  # https://docs.redhat.com/docs/en-US/
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/documentation/en-US/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2012:0168"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected rhev-hypervisor5 and / or rhev-hypervisor5-tools
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2012:0168";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"rhev-hypervisor5-5.8-20120202.0.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"rhev-hypervisor5-tools-5.8-20120202.0.el5")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor5 / rhev-hypervisor5-tools");
  }
}

#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2012:083. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(59304);
  script_version("1.9");
  script_cvs_date("Date: 2019/08/02 13:32:54");

  script_cve_id("CVE-2011-1675", "CVE-2011-1677");
  script_bugtraq_id(50941);
  script_xref(name:"MDVSA", value:"2012:083");

  script_name(english:"Mandriva Linux Security Advisory : util-linux (MDVSA-2012:083)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple vulnerabilities has been discovered and corrected in
util-linux :

mount in util-linux 2.19 and earlier attempts to append to the
/etc/mtab.tmp file without first checking whether resource limits
would interfere, which allows local users to trigger corruption of the
/etc/mtab file via a process with a small RLIMIT_FSIZE value, a
related issue to CVE-2011-1089 (CVE-2011-1675).

mount in util-linux 2.19 and earlier does not remove the /etc/mtab~
lock file after a failed attempt to add a mount entry, which has
unspecified impact and local attack vectors (CVE-2011-1677).

The updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64blkid-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64blkid1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mount-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mount1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64uuid-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64uuid1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libblkid-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libblkid1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmount-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmount1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libuuid-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libuuid1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:util-linux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:util-linux-ng");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:uuidd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64blkid-devel-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64blkid1-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64uuid-devel-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64uuid1-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libblkid-devel-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libblkid1-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libuuid-devel-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libuuid1-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"util-linux-ng-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.1", reference:"uuidd-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64blkid-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64blkid1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64mount-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64mount1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64uuid-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64uuid1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libblkid-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libblkid1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libmount-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libmount1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libuuid-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libuuid1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"util-linux-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2011", reference:"uuidd-2.19-3.2-mdv2011.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");