code | #TRUSTED 0cb871540e62fc487a1f4bc6990480ef6d159bd96ae349063f770d60213b49cee161a33f8f1ee1693a9b7b60a6aa4e6e967cdc0468fb2523793825877d0ff8da9fa7e6238aca050099772d39ead9263a8f89e59e526ef2c58e3e6d847d09a82c16617b142154a5a774f0b9fba8da18253727f5102ea33ca40dcf88fc03fbc3e3461ab3fdd9f7ad90f226ba0ece9e4b368b6f6feb30d66edd74ff33a6cae46131aa115af3f92943a4e7a1620592b071d563a4d7f8936eadc97423c9cd75170b65adf1c1375a89b42215f247e8e731115cb4ee195cd39984270c7b0c06f0dff479ce1e152d8253a932bc28842fd7302ac6fd82729348d0a0567872b5cc02e7b4f78b6adf8aa06a792bae21cf55d4711d8a7fd03116acf8bf703551099e1b5ed8df64c92b82103fd1d76d2ae7b821f799048a5c5f932455cc12b5b620ea3245224c0004a3dfbaccf2b9b7b146b013a23eef65e63ff03a62cd954a1e5e363dbbc031b0782c7b6bbb889b5ccdd135e78d1180b6a617784b2500d3d946378a9dc58f34cee9e86cd384b023ec89ada8917e3823987c8fac4d880eef505c46fe43825852698e6b723138e5c06c977a940334e0ade4717240ba6f4668db4f18e2496544237f21820230145cbf80d8512f0c365842b2a8c58a832b87a90d7516fb7d5a4738efeedd4229100e096d6ee6a342f436f09e3d6868c4efd39cb6b61761d526a967
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(70546);
script_version("1.10");
script_cvs_date("Date: 2019/11/27");
script_cve_id(
"CVE-2013-3762",
"CVE-2013-5766",
"CVE-2013-5827",
"CVE-2013-5828"
);
script_bugtraq_id(
63056,
63064,
63068,
63071
);
script_name(english:"Oracle Database Management Plug-In Unix (October 2013 CPU) (credentialed check)");
script_summary(english:"Checks for patch ID.");
script_set_attribute(attribute:"synopsis", value:
"A database management application installed on the remote host is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The Oracle Database Management Plug-In installed on the remote host is
missing the October 2013 Critical Patch Update (CPU). It is,
therefore, affected by multiple vulnerabilities in the Enterprise
Manager Base Platform component :
- An unspecified flaw exists in the Schema Management
subcomponent that allows an unauthenticated, remote
attacker to impact integrity. (CVE-2013-3762)
- An unspecified flaw exists in the DB Performance
Advisories/UIs subcomponent that allows an
unauthenticated, remote attacker to impact integrity.
(CVE-2013-5766)
- Multiple unspecified flaws exist in the Storage
Management subcomponent that allow an unauthenticated,
remote attacker to impact integrity. (CVE-2013-5827,
CVE-2013-5828)");
# http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ac29c174");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2013 Oracle
Critical Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/15");
script_set_attribute(attribute:"patch_publication_date", value:"2013/10/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_plugin_for_database_control");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("telnet_func.inc");
include("hostlevel_funcs.inc");
if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS)
enable_ssh_wrappers();
else disable_ssh_wrappers();
# Only the following OSes are currently supported
unsupported = 1;
if (
get_kb_item("Host/CentOS/release") ||
get_kb_item("Host/Debian/release") ||
get_kb_item("Host/FreeBSD/release") ||
get_kb_item("Host/Gentoo/release") ||
get_kb_item("Host/HP-UX/version") ||
get_kb_item("Host/Mandrake/release") ||
get_kb_item("Host/RedHat/release") ||
get_kb_item("Host/Slackware/release") ||
get_kb_item("Host/Solaris/Version") ||
get_kb_item("Host/SuSE/release") ||
get_kb_item("Host/Ubuntu/release") ||
get_kb_item("Host/AIX/version")
) unsupported = 0;
if (unsupported) exit(0, "Oracle Database Management Plug-In checks are not supported on the remote OS at this time.");
# We may support other protocols here
if ( islocalhost() )
{
if (!defined_func("pread")) exit(1, "'pread()' is not defined.");
info_t = INFO_LOCAL;
}
else
{
sock_g = ssh_open_connection();
if (!sock_g) audit(AUDIT_FN_FAIL, 'ssh_open_connection');
info_t = INFO_SSH;
}
# Find the inventory.xml file and read it in
# Parse the results to get the paths and version of the DB plugins
info = "";
cmd =
'cat /etc/oraInst.loc | ' +
'grep -h "inventory_loc=" | ' +
'sed \'s/inventory_loc=\\(.*\\)/\\1\\/ContentsXML\\/inventory.xml/g\' | xargs cat';
paths = make_array();
buf = info_send_cmd(cmd:cmd);
if (buf)
{
buf = chomp(buf);
if ('HOME NAME="oms12c' >< buf)
{
chunk = strstr(buf, '<HOME NAME="oms12c') - '<HOME NAME="oms12c';
chunk = strstr(chunk, '<REFHOMELIST>') - '<REFHOMELIST>';
chunk = chunk - strstr(chunk, '</REFHOMELIST>');
chunk = chomp(chunk);
foreach item (split(chunk))
{
path = '';
# If the item is a DB 12.1.0.3 or 12.1.0.4 plugin, save the path
if (item =~ "/oracle\.sysman\.db\.oms\.plugin_[^/0-9]*12\.1\.0\.[2-4]($|[^0-9])")
{
path = ereg_replace(pattern:'^\\s+<REFHOME LOC="([^"]+)".*', string:item, replace:"\1");
version = strstr(path, 'plugin_') - 'plugin_';
paths[version] = path;
}
}
}
}
if (max_index(keys(paths)) == 0)
{
if (info_t == INFO_SSH) ssh_close_connection();
exit(0, "No affected Oracle Database Management Plug-Ins were detected on the remote host.");
}
# Loop over the DB Management Plug-In paths
info = '';
foreach version (keys(paths))
{
if ('12.1.0.2' >< version) patchid = '15985383';
else if ('12.1.0.3' >< version) patchid = '17171101';
else if ('12.1.0.4' >< version) patchid = '17366505';
path = paths[version];
buf = info_send_cmd(cmd:"cat " + path + "/.patch_storage/interim_inventory.txt");
if (!buf)
info += ' ' + version + '\n';
else
{
# Parse the file to see what patches have been installed
buf = chomp(buf);
chunk = strstr(buf, '# apply: the patch to be applied.') - '# apply: the patch to be applied.';
chunk = chunk - strstr(chunk, '# apply: list of patches to be auto-rolled back.');
chunk = chomp(substr(chunk, 1));
if (patchid >!< chunk)
info += ' ' + version + '\n';
}
}
if (info_t == INFO_SSH) ssh_close_connection();
if (info)
{
if (report_verbosity > 0)
{
report +=
'\nThe following affected Oracle Database Managment Plug-Ins were detected' +
'\non the remote host :' +
'\n' +
info;
security_warning(port:0, extra:report);
}
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, 'affected');
|