Vulnerabilities > CVE-2011-4088 - Information Exposure vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
abrt-project
fedoraproject
redhat
CWE-200
nessus

Summary

ABRT might allow attackers to obtain sensitive information from crash reports.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-16990.NASL
    descriptionThe remote Fedora host is missing one or more security updates : libreport-2.0.8-3.fc16 : - Fri Dec 9 2011 Jiri Moskovcak <jmoskovc at redhat.com> 2.0.8-3 - fixed few crashes in bodhi plugin - Thu Dec 8 2011 Jiri Moskovcak <jmoskovc at redhat.com> 2.0.8-2 - fixed crash in bodhi plugin - re-upload better backtrace if available - fixed dupe finding for selinux - don
    last seen2020-06-01
    modified2020-06-02
    plugin id57328
    published2011-12-19
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57328
    titleFedora 16 : abrt-2.0.7-2.fc16 / libreport-2.0.8-3.fc16 (2011-16990)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-16990.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57328);
      script_version("1.9");
      script_cvs_date("Date: 2019/08/02 13:32:34");
    
      script_cve_id("CVE-2011-4088");
      script_xref(name:"FEDORA", value:"2011-16990");
    
      script_name(english:"Fedora 16 : abrt-2.0.7-2.fc16 / libreport-2.0.8-3.fc16 (2011-16990)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Fedora host is missing one or more security updates :
    
    libreport-2.0.8-3.fc16 :
    
      - Fri Dec 9 2011 Jiri Moskovcak <jmoskovc at redhat.com>
        2.0.8-3
    
        - fixed few crashes in bodhi plugin
    
        - Thu Dec 8 2011 Jiri Moskovcak <jmoskovc at redhat.com>
          2.0.8-2
    
        - fixed crash in bodhi plugin
    
        - re-upload better backtrace if available
    
        - fixed dupe finding for selinux
    
        - don't duplicate comments in bugzilla
    
        - fixed problem with empty release
    
        - Tue Dec 6 2011 Jiri Moskovcak <jmoskovc at redhat.com>
          2.0.8-1
    
        - new version
    
        - added bodhi plugin rhbz#655783
    
        - one tab per file on details page rhbz#751833
    
        - search box search thru all data (should help with
          privacy) rhbz#748457
    
        - fixed close button position rhbz#741230
    
        - rise the attachment limit to 4kb rhbz#712602
    
        - fixed make check (rpath problem)
    
        - save chnages in editable lines rhbz#710100
    
        - ignore backup files rhbz#707959
    
        - added support for proxies rhbz#533652
    
        - Resolves: 753183 748457 737991 723219 712602 711986
          692274 636000 631856 655783 741257 748457 741230
          712602 753183 748457 741230 712602 710100 707959
          533652
    
        - Sat Nov 5 2011 Jiri Moskovcak <jmoskovc at redhat.com>
          2.0.7-2
    
        - bumped release
    
        - Fri Nov 4 2011 Jiri Moskovcak <jmoskovc at redhat.com>
          2.0.7-1
    
        - new version
    
        - added support for bodhi (preview)
    
        - dropped unused patches
    
        - reporter-bugzilla/rhts: add code to prevent duplicate
          reporting. Closes rhbz#727494 (dvlasenk at redhat.com)
    
        - wizard: search thru all items + tabbed details
          rhbz#748457 (jmoskovc at redhat.com)
    
        - wizard: add 'I don't know what caused this problem'
          checkbox. Closes rhbz#712508 (dvlasenk at redhat.com)
    
        - reporter-bugzilla: add optional 'Product' parameter.
          Closes rhbz#665210 (dvlasenk at redhat.com)
    
        - rhbz#728190 - man pages contain suspicious version
          string (npajkovs at redhat.com)
    
        - reporter-print: expand leading ~/ if present. Closes
          rhbz#737991 (dvlasenk at redhat.com)
    
        - reporter-rhtsupport: ask rs/problems endpoint before
          creating new case. (working on rhbz#677052) (dvlasenk
          at redhat.com)
    
        - reporter-mailx: use Bugzilla's output format. Closes
          rhbz#717321. (dvlasenk at redhat.com)
    
        - report-newt: add option to display version
          (rhbz#741590) (mlichvar at redhat.com)
    
        - Resolves: #727494 #748457 #712508 #665210 rhbz#728190
          #737991 #677052 #717321 #741590
    
    abrt-2.0.7-2.fc16 :
    
      - Thu Dec 8 2011 Jiri Moskovcak <jmoskovc at redhat.com>
        2.0.7-2
    
        - added man page
    
        - fixed weird number formatting
    
        - Wed Dec 7 2011 Jiri Moskovcak <jmoskovc at redhat.com>
          2.0.7-1
    
        - new version
    
        - disabled kerneloops.org
    
        - abrt-ccpp hook fixes
    
        - catch indentation errors in python rhbz#578969
    
        - fixed make check
    
        - fixed retrace-client to work with rawhide
    
        - require abrtd service in other services rhbz#752014
    
        - fixed problems with dupes rhbz#701717
    
        - keep abrt services enabled when updating F15->F16
    
        - Resolves: 752014 749891 749603 744887 730422 665210
          639068 625445 701717 752014 578969 732876 757683
          753183 756146 749100
    
        - Fri Nov 4 2011 Jiri Moskovcak <jmoskovc at redhat.com>
          2.0.6-1
    
        - new version
    
        - Resolves: #701171 #712508 #726033 #728194 #728314
          #730107 #733389 #738602
    
        - Resolves: #741242 #749365 #700252 #734298 #736016
          #738324 #748457 #692274
    
        - Resolves: #711986 #723219 #749891 #712602 #744887
          #749603 #625445 #665210
    
        - Resolves: #737991 #639068 #578969 #636000 #631856
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=749854"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071026.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c5f77b2d"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/071027.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e1ca5f3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected abrt and / or libreport packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:abrt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libreport");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC16", reference:"abrt-2.0.7-2.fc16")) flag++;
    if (rpm_check(release:"FC16", reference:"libreport-2.0.8-3.fc16")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrt / libreport");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0841.NASL
    descriptionFrom Red Hat Security Advisory 2012:0841 : Updated abrt, libreport, btparser, and python-meh packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. The btparser utility is a backtrace parser and analyzer library, which works with backtraces produced by the GNU Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze the threads and frames of the backtrace and process them. The python-meh package provides a python library for handling exceptions. If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package installed and the abrt-ccpp service running), and the sysctl fs.suid_dumpable option was set to
    last seen2020-06-01
    modified2020-06-02
    plugin id68553
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68553
    titleOracle Linux 6 : abrt / btparser / libreport / python-meh (ELSA-2012-0841)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:0841 and 
    # Oracle Linux Security Advisory ELSA-2012-0841 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68553);
      script_version("1.5");
      script_cvs_date("Date: 2020/02/06");
    
      script_cve_id("CVE-2011-4088", "CVE-2012-1106");
      script_bugtraq_id(51100, 54121);
      script_xref(name:"RHSA", value:"2012:0841");
    
      script_name(english:"Oracle Linux 6 : abrt / btparser / libreport / python-meh (ELSA-2012-0841)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2012:0841 :
    
    Updated abrt, libreport, btparser, and python-meh packages that fix
    two security issues and several bugs are now available for Red Hat
    Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having low
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect
    defects in applications and to create a bug report with all the
    information needed by a maintainer to fix it. It uses a plug-in system
    to extend its functionality. libreport provides an API for reporting
    different problems in applications to different bug targets, such as
    Bugzilla, FTP, and Trac.
    
    The btparser utility is a backtrace parser and analyzer library, which
    works with backtraces produced by the GNU Project Debugger. It can
    parse a text file with a backtrace to a tree of C structures, allowing
    to analyze the threads and frames of the backtrace and process them.
    
    The python-meh package provides a python library for handling
    exceptions.
    
    If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp
    package installed and the abrt-ccpp service running), and the sysctl
    fs.suid_dumpable option was set to '2' (it is '0' by default), core
    dumps of set user ID (setuid) programs were created with insecure
    group ID permissions. This could allow local, unprivileged users to
    obtain sensitive information from the core dump files of setuid
    processes they would otherwise not be able to access. (CVE-2012-1106)
    
    ABRT did not allow users to easily search the collected crash
    information for sensitive data prior to submitting it. This could lead
    to users unintentionally exposing sensitive information via the
    submitted crash reports. This update adds functionality to search
    across all the collected data. Note that this fix does not apply to
    the default configuration, where reports are sent to Red Hat Customer
    Support. It only takes effect for users sending information to Red Hat
    Bugzilla. (CVE-2011-4088)
    
    Red Hat would like to thank Jan Iven for reporting CVE-2011-4088.
    
    These updated packages include numerous bug fixes. Space precludes
    documenting all of these changes in this advisory. Users are directed
    to the Red Hat Enterprise Linux 6.3 Technical Notes for information on
    the most significant of these changes.
    
    All users of abrt, libreport, btparser, and python-meh are advised to
    upgrade to these updated packages, which correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2012-July/002905.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-ccpp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-kerneloops");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-addon-vmcore");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:abrt-tui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:btparser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:btparser-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:btparser-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-gtk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-newt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-bugzilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-kerneloops");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-logger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-mailx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-plugin-reportuploader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libreport-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-meh");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"abrt-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-addon-ccpp-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-addon-kerneloops-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-addon-python-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-addon-vmcore-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-cli-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-desktop-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-devel-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-gui-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-libs-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"abrt-tui-2.0.8-6.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"btparser-0.16-3.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"btparser-devel-0.16-3.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"btparser-python-0.16-3.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-cli-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-devel-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-gtk-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-gtk-devel-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-newt-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-plugin-bugzilla-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-plugin-kerneloops-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-plugin-logger-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-plugin-mailx-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-plugin-reportuploader-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"libreport-python-2.0.9-5.0.1.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"python-meh-0.12.1-3.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0841.NASL
    descriptionUpdated abrt, libreport, btparser, and python-meh packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. The btparser utility is a backtrace parser and analyzer library, which works with backtraces produced by the GNU Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze the threads and frames of the backtrace and process them. The python-meh package provides a python library for handling exceptions. If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package installed and the abrt-ccpp service running), and the sysctl fs.suid_dumpable option was set to
    last seen2020-06-01
    modified2020-06-02
    plugin id59589
    published2012-06-20
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59589
    titleRHEL 6 : abrt, libreport, btparser, and python-meh (RHSA-2012:0841)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2012:0841. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59589);
      script_version ("1.16");
      script_cvs_date("Date: 2020/02/06");
    
      script_cve_id("CVE-2011-4088", "CVE-2012-1106");
      script_xref(name:"RHSA", value:"2012:0841");
    
      script_name(english:"RHEL 6 : abrt, libreport, btparser, and python-meh (RHSA-2012:0841)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated abrt, libreport, btparser, and python-meh packages that fix
    two security issues and several bugs are now available for Red Hat
    Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having low
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect
    defects in applications and to create a bug report with all the
    information needed by a maintainer to fix it. It uses a plug-in system
    to extend its functionality. libreport provides an API for reporting
    different problems in applications to different bug targets, such as
    Bugzilla, FTP, and Trac.
    
    The btparser utility is a backtrace parser and analyzer library, which
    works with backtraces produced by the GNU Project Debugger. It can
    parse a text file with a backtrace to a tree of C structures, allowing
    to analyze the threads and frames of the backtrace and process them.
    
    The python-meh package provides a python library for handling
    exceptions.
    
    If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp
    package installed and the abrt-ccpp service running), and the sysctl
    fs.suid_dumpable option was set to '2' (it is '0' by default), core
    dumps of set user ID (setuid) programs were created with insecure
    group ID permissions. This could allow local, unprivileged users to
    obtain sensitive information from the core dump files of setuid
    processes they would otherwise not be able to access. (CVE-2012-1106)
    
    ABRT did not allow users to easily search the collected crash
    information for sensitive data prior to submitting it. This could lead
    to users unintentionally exposing sensitive information via the
    submitted crash reports. This update adds functionality to search
    across all the collected data. Note that this fix does not apply to
    the default configuration, where reports are sent to Red Hat Customer
    Support. It only takes effect for users sending information to Red Hat
    Bugzilla. (CVE-2011-4088)
    
    Red Hat would like to thank Jan Iven for reporting CVE-2011-4088.
    
    These updated packages include numerous bug fixes. Space precludes
    documenting all of these changes in this advisory. Users are directed
    to the Red Hat Enterprise Linux 6.3 Technical Notes for information on
    the most significant of these changes.
    
    All users of abrt, libreport, btparser, and python-meh are advised to
    upgrade to these updated packages, which correct these issues."
      );
      # https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?056c0c27"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:0841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-4088"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-1106"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-addon-ccpp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-addon-kerneloops");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-addon-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-addon-vmcore");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:abrt-tui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:btparser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:btparser-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:btparser-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:btparser-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-gtk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-newt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-bugzilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-kerneloops");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-logger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-mailx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-reportuploader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-plugin-rhtsupport");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libreport-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-meh");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2012:0841";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-addon-ccpp-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-addon-ccpp-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-addon-ccpp-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-addon-kerneloops-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-addon-kerneloops-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-addon-kerneloops-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-addon-python-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-addon-python-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-addon-python-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-addon-vmcore-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-addon-vmcore-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-addon-vmcore-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-cli-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-cli-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-cli-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"abrt-debuginfo-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-desktop-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-desktop-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-desktop-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"abrt-devel-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-gui-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-gui-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-gui-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"abrt-libs-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"abrt-tui-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"abrt-tui-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"abrt-tui-2.0.8-6.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"btparser-0.16-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"btparser-debuginfo-0.16-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"btparser-devel-0.16-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"btparser-python-0.16-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"btparser-python-0.16-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"btparser-python-0.16-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"libreport-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-cli-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-cli-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-cli-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"libreport-debuginfo-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"libreport-devel-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"libreport-gtk-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"libreport-gtk-devel-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-newt-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-newt-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-newt-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-bugzilla-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-bugzilla-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-bugzilla-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-kerneloops-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-kerneloops-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-kerneloops-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-logger-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-logger-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-logger-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-mailx-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-mailx-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-mailx-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-reportuploader-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-reportuploader-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-reportuploader-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-plugin-rhtsupport-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-plugin-rhtsupport-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-plugin-rhtsupport-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"libreport-python-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"libreport-python-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"libreport-python-2.0.9-5.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"python-meh-0.12.1-3.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120620_ABRT__LIBREPORT__BTPARSER__AND_PYTHON_MEH_ON_SL6_X.NASL
    descriptionABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. The btparser utility is a backtrace parser and analyzer library, which works with backtraces produced by the GNU Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze the threads and frames of the backtrace and process them. The python-meh package provides a python library for handling exceptions. If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package installed and the abrt-ccpp service running), and the sysctl fs.suid_dumpable option was set to
    last seen2020-03-18
    modified2012-08-01
    plugin id61336
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61336
    titleScientific Linux Security Update : abrt, libreport, btparser, and python-meh on SL6.x i386/x86_64 (20120620)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61336);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");
    
      script_cve_id("CVE-2011-4088", "CVE-2012-1106");
    
      script_name(english:"Scientific Linux Security Update : abrt, libreport, btparser, and python-meh on SL6.x i386/x86_64 (20120620)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect
    defects in applications and to create a bug report with all the
    information needed by a maintainer to fix it. It uses a plug-in system
    to extend its functionality. libreport provides an API for reporting
    different problems in applications to different bug targets, such as
    Bugzilla, FTP, and Trac.
    
    The btparser utility is a backtrace parser and analyzer library, which
    works with backtraces produced by the GNU Project Debugger. It can
    parse a text file with a backtrace to a tree of C structures, allowing
    to analyze the threads and frames of the backtrace and process them.
    
    The python-meh package provides a python library for handling
    exceptions.
    
    If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp
    package installed and the abrt-ccpp service running), and the sysctl
    fs.suid_dumpable option was set to '2' (it is '0' by default), core
    dumps of set user ID (setuid) programs were created with insecure
    group ID permissions. This could allow local, unprivileged users to
    obtain sensitive information from the core dump files of setuid
    processes they would otherwise not be able to access. (CVE-2012-1106)
    
    ABRT did not allow users to easily search the collected crash
    information for sensitive data prior to submitting it. This could lead
    to users unintentionally exposing sensitive information via the
    submitted crash reports. This update adds functionality to search
    across all the collected data. (CVE-2011-4088)
    
    These updated packages include numerous bug fixes.
    
    All users of abrt, libreport, btparser, and python-meh are advised to
    upgrade to these updated packages, which correct these issues."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1207&L=scientific-linux-errata&T=0&P=2933
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?416034de"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-addon-ccpp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-addon-kerneloops");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-addon-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-addon-vmcore");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:abrt-tui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:btparser");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:btparser-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:btparser-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:btparser-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-cli");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-gtk-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-newt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-bugzilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-kerneloops");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-logger");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-mailx");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-reportuploader");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-plugin-rhtsupport");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libreport-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-meh");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"abrt-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"abrt-addon-ccpp-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"abrt-addon-kerneloops-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"abrt-addon-python-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"abrt-addon-vmcore-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"abrt-cli-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"abrt-debuginfo-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"abrt-desktop-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"abrt-devel-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"abrt-gui-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"abrt-libs-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"abrt-tui-2.0.8-6.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"btparser-0.16-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"btparser-debuginfo-0.16-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"btparser-devel-0.16-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"btparser-python-0.16-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-cli-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-debuginfo-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-devel-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-gtk-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-gtk-devel-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-newt-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-plugin-bugzilla-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-plugin-kerneloops-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-plugin-logger-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-plugin-mailx-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-plugin-reportuploader-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-plugin-rhtsupport-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"libreport-python-2.0.9-5.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-meh-0.12.1-3.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "abrt / abrt-addon-ccpp / abrt-addon-kerneloops / abrt-addon-python / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2012-0841.NASL
    descriptionUpdated abrt, libreport, btparser, and python-meh packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect defects in applications and to create a bug report with all the information needed by a maintainer to fix it. It uses a plug-in system to extend its functionality. libreport provides an API for reporting different problems in applications to different bug targets, such as Bugzilla, FTP, and Trac. The btparser utility is a backtrace parser and analyzer library, which works with backtraces produced by the GNU Project Debugger. It can parse a text file with a backtrace to a tree of C structures, allowing to analyze the threads and frames of the backtrace and process them. The python-meh package provides a python library for handling exceptions. If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package installed and the abrt-ccpp service running), and the sysctl fs.suid_dumpable option was set to
    last seen2020-06-01
    modified2020-06-02
    plugin id59924
    published2012-07-11
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59924
    titleCentOS 6 : abrt (CESA-2012:0841)

Redhat

rpms
  • abrt-0:2.0.8-6.el6
  • abrt-addon-ccpp-0:2.0.8-6.el6
  • abrt-addon-kerneloops-0:2.0.8-6.el6
  • abrt-addon-python-0:2.0.8-6.el6
  • abrt-addon-vmcore-0:2.0.8-6.el6
  • abrt-cli-0:2.0.8-6.el6
  • abrt-debuginfo-0:2.0.8-6.el6
  • abrt-desktop-0:2.0.8-6.el6
  • abrt-devel-0:2.0.8-6.el6
  • abrt-gui-0:2.0.8-6.el6
  • abrt-libs-0:2.0.8-6.el6
  • abrt-tui-0:2.0.8-6.el6
  • btparser-0:0.16-3.el6
  • btparser-debuginfo-0:0.16-3.el6
  • btparser-devel-0:0.16-3.el6
  • btparser-python-0:0.16-3.el6
  • libreport-0:2.0.9-5.el6
  • libreport-cli-0:2.0.9-5.el6
  • libreport-debuginfo-0:2.0.9-5.el6
  • libreport-devel-0:2.0.9-5.el6
  • libreport-gtk-0:2.0.9-5.el6
  • libreport-gtk-devel-0:2.0.9-5.el6
  • libreport-newt-0:2.0.9-5.el6
  • libreport-plugin-bugzilla-0:2.0.9-5.el6
  • libreport-plugin-kerneloops-0:2.0.9-5.el6
  • libreport-plugin-logger-0:2.0.9-5.el6
  • libreport-plugin-mailx-0:2.0.9-5.el6
  • libreport-plugin-reportuploader-0:2.0.9-5.el6
  • libreport-plugin-rhtsupport-0:2.0.9-5.el6
  • libreport-python-0:2.0.9-5.el6
  • python-meh-0:0.12.1-3.el6