Vulnerabilities > CVE-2013-2131 - Use of Externally-Controlled Format String vulnerability in Rrdtool Project Rrdtool 1.4.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Format String Injection An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
- String Format Overflow in syslog() This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
Exploit-Db
| description | Python RRDtool Module Function Format String Vulnerability. CVE-2013-2131. Remote exploits for multiple platform |
| id | EDB-ID:38521 |
| last seen | 2016-02-04 |
| modified | 2013-05-18 |
| published | 2013-05-18 |
| reporter | Thomas Pollet |
| source | https://www.exploit-db.com/download/38521/ |
| title | Python RRDtool Module Function Format String Vulnerability |
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-175.NASL description This update for rrdtool fixes the following issues : - CVE-2013-2131: Added check to the imginfo format to prevent crash or exploit (boo#828003) - Fixed an infinite loop and crashing with pango [boo#1080251] last seen 2020-06-05 modified 2018-02-20 plugin id 106893 published 2018-02-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106893 title openSUSE Security Update : rrdtool (openSUSE-2018-175) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-175. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(106893); script_version("3.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-2131"); script_name(english:"openSUSE Security Update : rrdtool (openSUSE-2018-175)"); script_summary(english:"Check for the openSUSE-2018-175 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for rrdtool fixes the following issues : - CVE-2013-2131: Added check to the imginfo format to prevent crash or exploit (boo#828003) - Fixed an infinite loop and crashing with pango [boo#1080251]" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1080251" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=828003" ); script_set_attribute( attribute:"solution", value:"Update the affected rrdtool packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lua-rrdtool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lua-rrdtool-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-rrdtool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-rrdtool-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rrdtool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rrdtool-cached"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rrdtool-cached-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rrdtool-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rrdtool-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rrdtool-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-rrdtool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-rrdtool-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tcl-rrdtool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:tcl-rrdtool-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"lua-rrdtool-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"lua-rrdtool-debuginfo-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-rrdtool-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-rrdtool-debuginfo-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"rrdtool-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"rrdtool-cached-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"rrdtool-cached-debuginfo-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"rrdtool-debuginfo-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"rrdtool-debugsource-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"rrdtool-devel-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ruby-rrdtool-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"ruby-rrdtool-debuginfo-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"tcl-rrdtool-1.4.7-26.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"tcl-rrdtool-debuginfo-1.4.7-26.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lua-rrdtool / lua-rrdtool-debuginfo / python-rrdtool / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-10288.NASL description This is an update that adds explicit check to the imginfo format. It may prevent crash/exploit of user space applications which pass user supplied format to the library call without checking. This is an new version of rrdtool that fixes several bugs. The main new feature of this release is that large graph expressions are processed magnitudes faster. For more details see the original announcement http://oss.oetiker.ch/rrdtool/forum.en.html#nabble-f937719 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-07-12 plugin id 67277 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67277 title Fedora 19 : rrdtool-1.4.8-2.fc19 (2013-10288) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-10288. # include("compat.inc"); if (description) { script_id(67277); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-2131"); script_bugtraq_id(60004); script_xref(name:"FEDORA", value:"2013-10288"); script_name(english:"Fedora 19 : rrdtool-1.4.8-2.fc19 (2013-10288)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This is an update that adds explicit check to the imginfo format. It may prevent crash/exploit of user space applications which pass user supplied format to the library call without checking. This is an new version of rrdtool that fixes several bugs. The main new feature of this release is that large graph expressions are processed magnitudes faster. For more details see the original announcement http://oss.oetiker.ch/rrdtool/forum.en.html#nabble-f937719 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://oss.oetiker.ch/rrdtool/forum.en.html#nabble-f937719 script_set_attribute( attribute:"see_also", value:"https://oss.oetiker.ch/rrdtool/forum.en.html#nabble-f937719" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=966639" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=969310" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/109501.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c64e7157" ); script_set_attribute( attribute:"solution", value:"Update the affected rrdtool package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rrdtool"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"rrdtool-1.4.8-2.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rrdtool"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0103-1.NASL description This update for rrdtool provides the following fixes : - CVE-2013-2131: Enhance imginfo format validation checks to prevent crashes. (bsc#828003) - Add rrdtool-cached sub-package to SLE 12-SP1. (bsc#967671) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 96405 published 2017-01-11 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/96405 title SUSE SLED12 / SLES12 Security Update : rrdtool (SUSE-SU-2017:0103-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:0103-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(96405); script_version("3.6"); script_cvs_date("Date: 2019/09/11 11:22:14"); script_cve_id("CVE-2013-2131"); script_bugtraq_id(60004); script_name(english:"SUSE SLED12 / SLES12 Security Update : rrdtool (SUSE-SU-2017:0103-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for rrdtool provides the following fixes : - CVE-2013-2131: Enhance imginfo format validation checks to prevent crashes. (bsc#828003) - Add rrdtool-cached sub-package to SLE 12-SP1. (bsc#967671) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=828003" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=967671" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-2131/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20170103-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f78c3797" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-45=1 SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-45=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-45=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-45=1 SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-45=1 SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-45=1 SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-45=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rrdtool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rrdtool-cached"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rrdtool-cached-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rrdtool-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rrdtool-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/04"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1/2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"rrdtool-1.4.7-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"rrdtool-cached-1.4.7-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"rrdtool-cached-debuginfo-1.4.7-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"rrdtool-debuginfo-1.4.7-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"rrdtool-debugsource-1.4.7-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"rrdtool-1.4.7-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"rrdtool-cached-1.4.7-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"rrdtool-cached-debuginfo-1.4.7-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"rrdtool-debuginfo-1.4.7-20.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"rrdtool-debugsource-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"rrdtool-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"rrdtool-cached-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"rrdtool-cached-debuginfo-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"rrdtool-debuginfo-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"rrdtool-debugsource-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"rrdtool-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"rrdtool-cached-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"rrdtool-cached-debuginfo-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"rrdtool-debuginfo-1.4.7-20.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"rrdtool-debugsource-1.4.7-20.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rrdtool"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-10309.NASL description This is an update that adds explicit check to the imginfo format. It may prevent crash/exploit of user space applications which pass user supplied format to the library call without checking. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-07-12 plugin id 67278 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67278 title Fedora 18 : rrdtool-1.4.8-2.fc18 (2013-10309) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-10309. # include("compat.inc"); if (description) { script_id(67278); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-2131"); script_bugtraq_id(60004); script_xref(name:"FEDORA", value:"2013-10309"); script_name(english:"Fedora 18 : rrdtool-1.4.8-2.fc18 (2013-10309)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This is an update that adds explicit check to the imginfo format. It may prevent crash/exploit of user space applications which pass user supplied format to the library call without checking. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=969310" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-June/109369.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2f05c0ed" ); script_set_attribute( attribute:"solution", value:"Update the affected rrdtool package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rrdtool"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2013/06/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"rrdtool-1.4.8-2.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rrdtool"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-778.NASL description rrdtools was updated to add check to the imginfo format to prevent crash or code execution. (bnc#828003, CVE-2013-2131.) last seen 2020-06-05 modified 2014-12-16 plugin id 80050 published 2014-12-16 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80050 title openSUSE Security Update : rrdtool (openSUSE-SU-2014:1646-1)
References
- http://www.openwall.com/lists/oss-security/2013/04/18/5
- http://www.openwall.com/lists/oss-security/2013/05/19/5
- http://www.openwall.com/lists/oss-security/2013/05/31/2
- https://bugzilla.redhat.com/show_bug.cgi?id=969296
- https://github.com/oetiker/rrdtool-1.x/issues/396
- https://github.com/oetiker/rrdtool-1.x/pull/397