Vulnerabilities > CVE-2013-1430 - Credentials Management vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
neutrinolabs
debian
CWE-255
critical
nessus

Summary

An issue was discovered in xrdp before 0.9.1. After a successful RDP login to an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is equivalent to the user's cleartext password: it is DES-encrypted with a known key, so anyone able to read the file can recover the password.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1847-1.NASL
    description: This update for xrdp fixes the following issues : These security issues were fixed : CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126738
    published: 2019-07-16
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126738
    title: SUSE SLED12 / SLES12 Security Update : xrdp (SUSE-SU-2019:1847-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1847-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch runs only when `description` is true: it
    # registers the attributes below and exits, so none of the host checks that
    # follow the closing brace are reached from here.
    if (description)
    {
      script_id(126738);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/08");
    
      # One SUSE advisory, three CVEs. The package test later in this script is
      # a single version comparison, so a finding covers all three together.
      script_cve_id("CVE-2013-1430", "CVE-2017-16927", "CVE-2017-6967");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : xrdp (SUSE-SU-2019:1847-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      # Advisory text as extracted from SUSE; the closing paragraph of the string
      # itself states that it was cleaned up automatically.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for xrdp fixes the following issues :
    
    These security issues were fixed :
    
    CVE-2013-1430: When successfully logging in using RDP into an xrdp
    session, the file ~/.vnc/sesman_${username}_passwd was created. Its
    content was the equivalent of the user's cleartext password, DES
    encrypted with a known key (bsc#1015567).
    
    CVE-2017-16927: The scp_v0s_accept function in
    sesman/libscp/libscp_v0.c in the session manager in xrdp through used
    an untrusted integer as a write length, which could lead to a local
    denial of service (bsc#1069591).
    
    CVE-2017-6967: Fixed call of the PAM function auth_start_session().
    This lead to to PAM session modules not being properly initialized,
    with a potential consequence of incorrect configurations or elevation
    of privileges, aka a pam_limits.so bypass (bsc#1029912).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # References: SUSE Bugzilla entries, then the SUSE page for each CVE.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-1430/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16927/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6967/"
      );
      # NOTE(review): the reference registered next is a plain-http short link;
      # the URL in the comment below is presumably the advisory it resolves to.
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191847-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d69cce7d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-1847=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-1847=1"
      );
      # NOTE(review): cvss_score_source below names CVE-2017-6967, so these
      # vectors presumably rate that CVE. They should not be read as the score
      # of CVE-2013-1430 (the recoverable-password file) on its own.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6967");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Declared as a "local" plugin; the CPE entries name the xrdp packages and
      # the SUSE Linux 12 platform.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      # The patch date is 2019 while the vulnerability date is 2016: per these
      # attributes the SUSE fix arrived well after publication.
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # KB keys the check needs; ssh_get_info.nasl is the declared dependency
      # (presumably the script that fills them in - confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host-side check, driven by knowledge-base (KB) items. audit() comes from
    # audit.inc (not shown) and is passed a constant naming the reason the plugin
    # does not apply to this host.
    
    # Local checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string has to start with SLED or SLES.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Capture product plus major version from the release string, e.g. "SLES12".
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # Only major version 12 of either product is handled by this plugin.
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architectures handled: i386-i686, x86_64 and s390x; others are audited out.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    # A missing patch level is treated as "0". Both products are accepted at SP4
    # only, so a host on any other service pack is audited out here and its xrdp
    # package is never compared.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    # Compare installed packages with the reference builds from the advisory.
    # rpm_check() is defined in rpm.inc (not shown); presumably it returns true
    # when the installed package is older than the reference - confirm. flag
    # counts the matches. The SLED12 entries are restricted to x86_64.
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", reference:"xrdp-0.9.0~git.1456906198.f422461-21.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.9.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"xrdp-debugsource-0.9.0~git.1456906198.f422461-21.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xrdp-0.9.0~git.1456906198.f422461-21.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xrdp-debuginfo-0.9.0~git.1456906198.f422461-21.9.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"xrdp-debugsource-0.9.0~git.1456906198.f422461-21.9.1")) flag++;
    
    
    # NOTE(review): this is a package-version test only. Nothing here looks for
    # ~/.vnc/sesman_${username}_passwd files, which the advisory text says were
    # written at login; whether the update removes files written earlier is not
    # visible from this script, so that needs a separate check on the host.
    if (flag)
    {
      # At least one package matched: report on port 0, attaching the
      # rpm_report_get() text when report_verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing matched: audit as "not affected" when pkg_tests_get() returns a
      # value, otherwise as xrdp not installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xrdp");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-8FFFBAE8AF.NASL
    description: WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don […]
    last seen: 2020-06-05
    modified: 2017-02-24
    plugin id: 97365
    published: 2017-02-24
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97365
    title: Fedora 25 : 1:xrdp (2017-8fffbae8af)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-8fffbae8af.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch runs only when `description` is true: it
    # registers the attributes below and exits, so none of the host checks that
    # follow the closing brace are reached from here.
    if (description)
    {
      script_id(97365);
      script_version("3.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # Single CVE, cross-referenced to the Fedora advisory id.
      script_cve_id("CVE-2013-1430");
      script_xref(name:"FEDORA", value:"2017-8fffbae8af");
    
      script_name(english:"Fedora 25 : 1:xrdp (2017-8fffbae8af)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Release notes as extracted from the Fedora update system. The part that
      # concerns this CVE is the "Security fixes" list near the end; the text
      # also warns that sesman.ini syntax changed, which matters when applying
      # the update to a hand-edited configuration.
      script_set_attribute(
        attribute:"description", 
        value:
    "WARNING: Please note that this update comes with a slightly different
    syntax of sesman.ini file, so if you edited this file by hand, you may
    need to look at the .rpmnew file and merge any required changes by
    hand.
    
    This release also creates three files in /etc/xrdp directory if they
    don't already exist or are empty :
    
      - rsakeys.ini
    
      - cert.pem
    
      - key.pem
    
    Also note that in Fedora, the only backend that will really work is
    still Xvnc for now.
    
    New features
    
      - New xorgxrdp backend using existing Xorg with additional
        modules
    
      - Improvements to X11rdp backend
    
      - Support for IPv6 (disabled by default)
    
      - Initial support for RemoteFX Codec (disabled by default)
    
      - Support for TLS security layer (preferred over RDP layer
        if supported by the client)
    
      - Support for disabling deprecated SSLv3 protocol and for
        selecting custom cipher suites in xrdp.ini
    
      - Support for bidirectional fastpath (enabled in both
        directions by default)
    
      - Support clients that don't support drawing orders, such
        as MS RDP client for Android, ChromeRDP (disabled by
        default)
    
      - More configurable login screen
    
      - Support for new virtual channels :
    
        - rdpdr: device redirection
    
        - rdpsnd: audio output
    
        - cliprdr: clipboard
    
        - xrdpvr: xrdp video redirection channel (can be used
          along with NeutrinoRDP client)
    
      - Support for disabling virtual channels globally or by
        session type
    
      - Allow to specify the path for backends (Xorg, X11rdp,
        Xvnc)
    
      - Added files for systemd support
    
      - Multi-monitor support
    
      - xrdp-chansrv stroes logs in ${XDG_DATA_HOME}/xrdp now
    
    Security fixes
    
      - User's password could be recovered from the Xvnc
        password file
    
      - X11 authentication was not used
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8fffbae8af"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:xrdp package."
      );
      # NOTE(review): the two base vectors disagree. CVSS2 is confidentiality
      # only (C:P/I:N/A:N) while CVSS3 is C:H/I:H/A:H, and the report call later
      # in this script uses SECURITY_WARNING. Confirm which rating is intended
      # before using either for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      # Declared as a "local" plugin; the CPE entries name the 1:xrdp package
      # and Fedora 25.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:xrdp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/02/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # KB keys the check needs; ssh_get_info.nasl is the declared dependency
      # (presumably the script that fills them in - confirm). Host/cpu is read
      # by the check as well but is not listed as a required key here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host-side check, driven by knowledge-base (KB) items. audit() comes from
    # audit.inc (not shown) and is passed a constant naming the reason the plugin
    # does not apply to this host.
    
    # Local checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string is read from the RedHat KB key and must contain "Fedora".
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the numeric release that follows "release " in the string.
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Only Fedora 25 is handled by this plugin.
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Architectures handled: x86_64 and i386-i686; others are audited out.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    # Compare the installed xrdp with the reference build xrdp-0.9.1-5.fc25 at
    # epoch 1. rpm_check() is defined in rpm.inc (not shown); presumably it
    # returns true when the installed package is older than the reference -
    # confirm.
    flag = 0;
    if (rpm_check(release:"FC25", reference:"xrdp-0.9.1-5.fc25", epoch:"1")) flag++;
    
    
    # NOTE(review): this is a package-version test only. Nothing here examines
    # the Xvnc password file that the advisory text says a password could be
    # recovered from; whether the update removes files written earlier is not
    # visible from this script, so that needs a separate check on the host.
    if (flag)
    {
      # The package matched: report on port 0 at SECURITY_WARNING severity with
      # the rpm_report_get() text attached.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing matched: audit as "not affected" when pkg_tests_get() returns a
      # value, otherwise as 1:xrdp not installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:xrdp");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-1860-1.NASL
    description: This update for xrdp fixes the following issues : Security issues fixed : CVE-2013-1430: When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd was created. Its content was the equivalent of the user […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 126771
    published: 2019-07-17
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/126771
    title: SUSE SLES12 Security Update : xrdp (SUSE-SU-2019:1860-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1860-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch runs only when `description` is true: it
    # registers the attributes below and exits, so none of the host checks that
    # follow the closing brace are reached from here.
    if (description)
    {
      script_id(126771);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/08");
    
      # One SUSE advisory, three CVEs. The package test later in this script is
      # a single version comparison, so a finding covers all three together.
      script_cve_id("CVE-2013-1430", "CVE-2017-16927", "CVE-2017-6967");
    
      script_name(english:"SUSE SLES12 Security Update : xrdp (SUSE-SU-2019:1860-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      # Advisory text as extracted from SUSE; the closing paragraph of the string
      # itself states that it was cleaned up automatically. The three CVE entries
      # come first, followed by the non-security changes shipped in the update.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for xrdp fixes the following issues :
    
    Security issues fixed :
    
    CVE-2013-1430: When successfully logging in using RDP into an xrdp
    session, the file ~/.vnc/sesman_${username}_passwd was created. Its
    content was the equivalent of the user's cleartext password, DES
    encrypted with a known key (bsc#1015567).
    
    CVE-2017-16927: The scp_v0s_accept function in
    sesman/libscp/libscp_v0.c in the session manager in xrdp through used
    an untrusted integer as a write length, which could lead to a local
    denial of service (bsc#1069591).
    
    CVE-2017-6967: Fixed call of the PAM function auth_start_session().
    This lead to to PAM session modules not being properly initialized,
    with a potential consequence of incorrect configurations or elevation
    of privileges, aka a pam_limits.so bypass (bsc#1029912).
    
    Other issues addressed: The KillDisconnected option for TigerVNC Xvnc
    sessions is now supported (bsc#1101506)
    
    Fixed an issue with delayed X KeyRelease events (bsc#1100453)
    
    Force xrdp-sesman.service to start after xrdp.service. (bsc#1014524)
    
    Avoid use of hard-coded sesman port. (bsc#1060644)
    
    Backport upstream commit 5575197, sesman should stop setting LANG and
    let initialization scripts take care of it (bsc#1023988).
    
    Backport upstream patches for 32bpp support (bsc#1022098).
    
    Fixed a regression connecting from Windows 10. (bsc#1090174)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # References: SUSE Bugzilla entries, then the SUSE page for each CVE.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022098"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1023988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1101506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-1430/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16927/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6967/"
      );
      # NOTE(review): the reference registered next is a plain-http short link;
      # the URL in the comment below is presumably the advisory it resolves to.
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191860-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?042b34d1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-1860=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-1860=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-1860=1
    
    SUSE Enterprise Storage 4:zypper in -t patch
    SUSE-Storage-4-2019-1860=1"
      );
      # NOTE(review): cvss_score_source below names CVE-2017-6967, so these
      # vectors presumably rate that CVE. They should not be read as the score
      # of CVE-2013-1430 (the recoverable-password file) on its own.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6967");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Declared as a "local" plugin; the CPE entries name the xrdp packages and
      # the SUSE Linux 12 platform.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xrdp-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      # The patch date is 2019 while the vulnerability date is 2016: per these
      # attributes the SUSE fix arrived well after publication.
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # KB keys the check needs; ssh_get_info.nasl is the declared dependency
      # (presumably the script that fills them in - confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host-side check, driven by knowledge-base (KB) items. audit() comes from
    # audit.inc (not shown) and is passed a constant naming the reason the plugin
    # does not apply to this host.
    
    # Local checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string has to start with SLED or SLES.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    # Capture product plus major version from the release string, e.g. "SLES12".
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # Only SLES12 is handled by this plugin; a SLED host is audited out here.
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architectures handled: i386-i686, x86_64 and s390x; others are audited out.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    # A missing patch level is treated as "0". Only SP2 is accepted, so a host
    # on any other service pack is audited out here and its xrdp package is
    # never compared.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp);
    
    
    # Compare installed packages with the reference builds from the advisory.
    # rpm_check() is defined in rpm.inc (not shown); presumably it returns true
    # when the installed package is older than the reference - confirm. flag
    # counts the matches.
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"2", reference:"xrdp-0.9.0~git.1456906198.f422461-16.9.3")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"xrdp-debuginfo-0.9.0~git.1456906198.f422461-16.9.3")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"xrdp-debugsource-0.9.0~git.1456906198.f422461-16.9.3")) flag++;
    
    
    # NOTE(review): this is a package-version test only. Nothing here looks for
    # ~/.vnc/sesman_${username}_passwd files, which the advisory text says were
    # written at login; whether the update removes files written earlier is not
    # visible from this script, so that needs a separate check on the host.
    if (flag)
    {
      # At least one package matched: report on port 0, attaching the
      # rpm_report_get() text when report_verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Nothing matched: audit as "not affected" when pkg_tests_get() returns a
      # value, otherwise as xrdp not installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xrdp");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-05E32FE278.NASL
    description: WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don […]
    last seen: 2020-06-05
    modified: 2017-03-03
    plugin id: 97500
    published: 2017-03-03
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97500
    title: Fedora 24 : 1:xrdp (2017-05e32fe278)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-05e32fe278.
    #
    
    include("compat.inc");
    
    # Plugin metadata. This branch runs only when `description` is true: it
    # registers the attributes below and exits, so none of the host checks that
    # follow the closing brace are reached from here.
    if (description)
    {
      script_id(97500);
      script_version("3.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # Single CVE, cross-referenced to the Fedora advisory id.
      script_cve_id("CVE-2013-1430");
      script_xref(name:"FEDORA", value:"2017-05e32fe278");
    
      script_name(english:"Fedora 24 : 1:xrdp (2017-05e32fe278)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Release notes as extracted from the Fedora update system. The part that
      # concerns this CVE is the "Security fixes" list near the end; the text
      # also warns that sesman.ini syntax changed, which matters when applying
      # the update to a hand-edited configuration.
      script_set_attribute(
        attribute:"description", 
        value:
    "WARNING: Please note that this update comes with a slightly different
    syntax of sesman.ini file, so if you edited this file by hand, you may
    need to look at the .rpmnew file and merge any required changes by
    hand.
    
    This release also creates three files in /etc/xrdp directory if they
    don't already exist or are empty :
    
      - rsakeys.ini
    
      - cert.pem
    
      - key.pem
    
    Also note that in Fedora, the only backend that will really work is
    still Xvnc for now.
    
    New features
    
      - New xorgxrdp backend using existing Xorg with additional
        modules
    
      - Improvements to X11rdp backend
    
      - Support for IPv6 (disabled by default)
    
      - Initial support for RemoteFX Codec (disabled by default)
    
      - Support for TLS security layer (preferred over RDP layer
        if supported by the client)
    
      - Support for disabling deprecated SSLv3 protocol and for
        selecting custom cipher suites in xrdp.ini
    
      - Support for bidirectional fastpath (enabled in both
        directions by default)
    
      - Support clients that don't support drawing orders, such
        as MS RDP client for Android, ChromeRDP (disabled by
        default)
    
      - More configurable login screen
    
      - Support for new virtual channels :
    
        - rdpdr: device redirection
    
        - rdpsnd: audio output
    
        - cliprdr: clipboard
    
        - xrdpvr: xrdp video redirection channel (can be used
          along with NeutrinoRDP client)
    
      - Support for disabling virtual channels globally or by
        session type
    
      - Allow to specify the path for backends (Xorg, X11rdp,
        Xvnc)
    
      - Added files for systemd support
    
      - Multi-monitor support
    
      - xrdp-chansrv stroes logs in ${XDG_DATA_HOME}/xrdp now
    
    Security fixes
    
      - User's password could be recovered from the Xvnc
        password file
    
      - X11 authentication was not used
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-05e32fe278"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 1:xrdp package."
      );
      # NOTE(review): the two base vectors disagree. CVSS2 is confidentiality
      # only (C:P/I:N/A:N) while CVSS3 is C:H/I:H/A:H, and the report call later
      # in this script uses SECURITY_WARNING. Confirm which rating is intended
      # before using either for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      # Declared as a "local" plugin; the CPE entries name the 1:xrdp package
      # and Fedora 24.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:xrdp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # KB keys the check needs; ssh_get_info.nasl is the declared dependency
      # (presumably the script that fills them in - confirm). Host/cpu is read
      # by the check as well but is not listed as a required key here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host-side check, driven by knowledge-base (KB) items. audit() comes from
    # audit.inc (not shown) and is passed a constant naming the reason the plugin
    # does not apply to this host.
    
    # Local checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string is read from the RedHat KB key and must contain "Fedora".
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the numeric release that follows "release " in the string.
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Only Fedora 24 is handled by this plugin.
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Architectures handled: x86_64 and i386-i686; others are audited out.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    # Compare the installed xrdp with the reference build xrdp-0.9.1-5.fc24 at
    # epoch 1. rpm_check() is defined in rpm.inc (not shown); presumably it
    # returns true when the installed package is older than the reference -
    # confirm.
    flag = 0;
    if (rpm_check(release:"FC24", reference:"xrdp-0.9.1-5.fc24", epoch:"1")) flag++;
    
    
    # NOTE(review): this is a package-version test only. Nothing here examines
    # the Xvnc password file that the advisory text says a password could be
    # recovered from; whether the update removes files written earlier is not
    # visible from this script, so that needs a separate check on the host.
    if (flag)
    {
      # The package matched: report on port 0 at SECURITY_WARNING severity with
      # the rpm_report_get() text attached.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing matched: audit as "not affected" when pkg_tests_get() returns a
      # value, otherwise as 1:xrdp not installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:xrdp");
    }