Vulnerabilities > CVE-2019-10136 - Improper Verification of Cryptographic Signature vulnerability in Redhat Satellite and Spacewalk
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Padding Oracle Crypto Attack An attacker is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an attacker is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an attacker is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key. Any cryptosystem can be vulnerable to padding oracle attacks if the encrypted messages are not authenticated to ensure their validity prior to decryption, and then the information about padding error is leaked to the attacker. This attack technique may be used, for instance, to break CAPTCHA systems or decrypt/modify state information stored in client side objects (e.g., hidden fields or cookies). This attack technique is a side-channel attack on the cryptosystem that uses a data leak from an improperly implemented decryption routine to completely subvert the cryptosystem. The one bit of information that tells the attacker whether a padding error during decryption has occurred, in whatever form it comes, is sufficient for the attacker to break the cryptosystem. That bit of information can come in a form of an explicit error message about a padding error, a returned blank page, or even the server taking longer to respond (a timing attack). This attack can be launched cross domain where an attacker is able to use cross-domain information leaks to get the bits of information from the padding oracle from a target system / service with which the victim is communicating. To do so an attacker sends a request containing ciphertext to the target system. Due to the browser's same origin policy, the attacker is not able to see the response directly, but can use cross-domain information leak techniques to still get the information needed (i.e., information on whether or not a padding error has occurred). For instance, this can be done using "img" tag plus the onerror()/onload() events. The attacker's JavaScript can make web browsers to load an image on the target site, and know if the image is loaded or not. This is 1-bit information needed for the padding oracle attack to work: if the image is loaded, then it is valid padding, otherwise it is not.
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2317-1.NASL description This update fixes the following issues : golang-github-prometheus-prometheus : Add support for Uyuni/SUSE Manager service discovery + Added 0003-Add-Uyuni-service-discovery Readded _service file removed in error. Update to 2.11.1 + Bug Fix : - Fix potential panic when prometheus is watching multiple zookeeper paths. Update to 2.11.0 + Bug Fix : - resolve race condition in maxGauge. - Fix ZooKeeper connection leak. - Improved atomicity of .tmp block replacement during compaction for usual case. - Fix last seen 2020-06-01 modified 2020-06-02 plugin id 128611 published 2019-09-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128611 title SUSE SLED15 / SLES15 Security Update : SUSE Manager Client Tools (SUSE-SU-2019:2317-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:2317-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(128611); script_version("1.3"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2019-10136"); script_name(english:"SUSE SLED15 / SLES15 Security Update : SUSE Manager Client Tools (SUSE-SU-2019:2317-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update fixes the following issues : golang-github-prometheus-prometheus : Add support for Uyuni/SUSE Manager service discovery + Added 0003-Add-Uyuni-service-discovery Readded _service file removed in error. Update to 2.11.1 + Bug Fix : - Fix potential panic when prometheus is watching multiple zookeeper paths. Update to 2.11.0 + Bug Fix : - resolve race condition in maxGauge. - Fix ZooKeeper connection leak. - Improved atomicity of .tmp block replacement during compaction for usual case. - Fix 'unknown series references' after clean shutdown. - Re-calculate block size when calling block.Delete. - Fix unsafe snapshots with head block. - prometheus_tsdb_compactions_failed_total is now incremented on any compaction failure. + Changes : - Remove max_retries from queue_config (it has been unused since rewriting remote-write to utilize the write-ahead-log) - The meta file BlockStats no longer holds size information. This is now dynamically calculated and kept in memory. It also includes the meta file size which was not included before - Renamed metric from prometheus_tsdb_wal_reader_corruption_errors to prometheus_tsdb_wal_reader_corruption_errors_total + Features : - Add option to use Alertmanager API v2. - Added humanizePercentage function for templates. - Include InitContainers in Kubernetes Service Discovery. - Provide option to compress WAL records using Snappy. + Enhancements : - Create new clean segment when starting the WAL. - Reduce allocations in PromQL aggregations. - Add storage warnings to LabelValues and LabelNames API results. - Add prometheus_http_requests_total metric. - Enable openbsd/arm build. - Remote-write allocation improvements. - Query performance improvement: Efficient iteration and search in HashForLabels and HashWithoutLabels. - Allow injection of arbitrary headers in promtool. - Allow passing external_labels in alert unit tests groups. - Allows globs for rules when unit testing. - Improved postings intersection matching. - Reduced disk usage for WAL for small setups. - Optimize queries using regexp for set lookups. Rebase patch002-Default-settings.patch Update to 2.10.0 : + Bug Fixes : - TSDB: Don't panic when running out of disk space and recover nicely from the condition - TSDB: Correctly handle empty labels. - TSDB: Don't crash on an unknown tombstone reference. - Storage/remote: Remove queue-manager specific metrics if queue no longer exists. - PromQL: Correctly display {__name__='a'}. - Discovery/kubernetes: Use service rather than ingress as the name for the service workqueue. - Discovery/azure: Don't panic on a VM with a public IP. - Web: Fixed Content-Type for js and css instead of using /etc/mime.types. - API: Encode alert values as string to correctly represent Inf/NaN. + Features : - Template expansion: Make external labels available as $externalLabels in alert and console template expansion. - TSDB: Add prometheus_tsdb_wal_segment_current metric for the WAL segment index that TSDB is currently writing to. tsdb - Scrape: Add scrape_series_added per-scrape metric. #5546 + Enhancements - Discovery/kubernetes: Add labels __meta_kubernetes_endpoint_node_name and __meta_kubernetes_endpoint_hostname. - Discovery/azure: Add label __meta_azure_machine_public_ip. - TSDB: Simplify mergedPostings.Seek, resulting in better performance if there are many posting lists. tsdb - Log filesystem type on startup. - Cmd/promtool: Use POST requests for Query and QueryRange. client_golang - Web: Sort alerts by group name. - Console templates: Add convenience variables $rawParams, $params, $path. Upadte to 2.9.2 + Bug Fixes : - Make sure subquery range is taken into account for selection - Exhaust every request body before closing it - Cmd/promtool: return errors from rule evaluations - Remote Storage: string interner should not panic in release - Fix memory allocation regression in mergedPostings.Seek tsdb Update to 2.9.1 + Bug Fixes : - Discovery/kubernetes: fix missing label sanitization - Remote_write: Prevent reshard concurrent with calling stop Update to 2.9.0 + Feature : - Add honor_timestamps scrape option. + Enhancements : - Update Consul to support catalog.ServiceMultipleTags. - Discovery/kubernetes: add present labels for labels/annotations. - OpenStack SD: Add ProjectID and UserID meta labels. - Add GODEBUG and retention to the runtime page. - Add support for POSTing to /series endpoint. - Support PUT methods for Lifecycle and Admin APIs. - Scrape: Add global jitter for HA server. - Check for cancellation on every step of a range evaluation. - String interning for labels & values in the remote_write path. - Don't lose the scrape cache on a failed scrape. - Reload cert files from disk automatically. common - Use fixed length millisecond timestamp format for logs. common - Performance improvements for postings. Bug Fixes : - Remote Write: fix checkpoint reading. - Check if label value is valid when unmarshaling external labels from YAML. - Promparse: sort all labels when parsing. - Reload rules: copy state on both name and labels. - Exponentation operator to drop metric name in result of operation. - Config: resolve more file paths. - Promtool: resolve relative paths in alert test files. - Set TLSHandshakeTimeout in HTTP transport. common - Use fsync to be more resilient to machine crashes. - Keep series that are still in WAL in checkpoints. Update to 2.8.1 + Bug Fixes - Display the job labels in /targets which was removed accidentally Update to 2.8.0 + Change : - This release uses Write-Ahead Logging (WAL) for the remote_write API. This currently causes a slight increase in memory usage, which will be addressed in future releases. - Default time retention is used only when no size based retention is specified. These are flags where time retention is specified by the flag --storage.tsdb.retention and size retention by --storage.tsdb.retention.size. - prometheus_tsdb_storage_blocks_bytes_total is now prometheus_tsdb_storage_blocks_bytes. + Feature : - (EXPERIMENTAL) Time overlapping blocks are now allowed; vertical compaction and vertical query merge. It is an optional feature which is controlled by the --storage.tsdb.allow-overlapping-blocks flag, disabled by default. + Enhancements : 	- Use the WAL for remote_write API. - Query performance improvements. - UI enhancements with upgrade to Bootstrap 4. - Reduce time that Alertmanagers are in flux when reloaded. - Limit number of metrics displayed on UI to 10000. - (1) Remember All/Unhealthy choice on target-overview when reloading page. (2) Resize text-input area on Graph page on mouseclick. - In histogram_quantile merge buckets with equivalent le values. - Show list of offending labels in the error message in many-to-many scenarios. - Show Storage Retention criteria in effect on /status page. + Bug Fixes : + Fix sorting of rule groups. + Fix support for password_file and bearer_token_file in Kubernetes SD. + Scrape: catch errors when creating HTTP clients + Adds new metrics: prometheus_target_scrape_pools_total prometheus_target_scrape_pools_failed_total prometheus_target_scrape_pool_reloads_total prometheus_target_scrape_pool_reloads_failed_total + Fix panic when aggregator param is not a literal. mgr-cfg: Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-daemon: Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453) Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-virtualization: Fix missing python 3 ugettext (bsc#1138494) Fix package dependencies to prevent file conflict (bsc#1143856) rhnlib: Add SNI support for clients Fix initialize ssl connection (bsc#1144155) Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: Bugfix: referenced variable before assignment. Bugfix: 'dict' object has no attribute 'iteritems' (bsc#1135881) Add unit tests for custominfo, snippet, scap, ssm, cryptokey and distribution Fix missing runtime dependencies that made spacecmd return old versions of packages in some cases, even if newer ones were available (bsc#1148311) spacewalk-backend: Do not overwrite comps and module data with older versions Fix issue with 'dists' keyword in url hostname Import packages from all collections of a patch not just first one Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to 'registration.register_osad' (bsc#1138822) Fix reposync when dealing with RedHat CDN (bsc#1138358) Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480) Prevent FileNotFoundError: repomd.xml.key traceback (bsc#1137940) Add journalctl output to spacewalk-debug tarballs Prevent unnecessary triggering of channel-repodata tasks when GPG signing is disabled (bsc#1137715) Fix spacewalk-repo-sync for Ubuntu repositories in mirror case (bsc#1136029) Add support for ULN repositories on new Zypper based reposync. Don't skip Deb package tags on package import (bsc#1130040) For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125) prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889) spacewalk-remote-utils: Add RHEL8 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130040" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135881" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136029" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136480" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137715" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137940" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138313" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138358" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138494" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138822" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1139453" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1142038" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1143856" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1144155" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1144889" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1148125" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1148177" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1148311" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10136/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20192317-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?497610fc" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Manager Tools 15:zypper in -t patch SUSE-SLE-Manager-Tools-15-2019-2317=1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2317=1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2019-2317=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:golang-github-prometheus-alertmanager"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:golang-github-prometheus-prometheus"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/02"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"0", reference:"golang-github-prometheus-alertmanager-0.16.2-3.3.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"golang-github-prometheus-prometheus-2.11.1-3.6.2")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"golang-github-prometheus-alertmanager-0.16.2-3.3.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"golang-github-prometheus-prometheus-2.11.1-3.6.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUSE Manager Client Tools"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1661.NASL description An update for spacewalk-backend is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Security Fix(es) : * spacewalk: Insecure computation of authentication signatures during user authentication (CVE-2019-10136) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 126520 published 2019-07-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126520 title RHEL 6 : spacewalk-backend (RHSA-2019:1661) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:1661. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(126520); script_version("1.5"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2019-10136"); script_xref(name:"RHSA", value:"2019:1661"); script_name(english:"RHEL 6 : spacewalk-backend (RHSA-2019:1661)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for spacewalk-backend is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. Spacewalk is an Open Source systems management solution that provides system provisioning, configuration and patching capabilities. Security Fix(es) : * spacewalk: Insecure computation of authentication signatures during user authentication (CVE-2019-10136) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:1661" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-10136" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-app"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-applet"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-cdn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-config-files"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-config-files-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-config-files-tool"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-iss"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-iss-export"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-package-push-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-sql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-sql-oracle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-sql-postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-xml-export-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:spacewalk-backend-xmlrpc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/02"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2019:1661"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_exists(rpm:"spacewalk-backend-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-app-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-app-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-applet-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-applet-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-cdn-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-cdn-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-config-files-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-config-files-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-config-files-common-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-config-files-common-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-config-files-tool-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-config-files-tool-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-iss-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-iss-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-iss-export-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-iss-export-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-libs-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-libs-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-package-push-server-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-package-push-server-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-server-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-server-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-sql-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-sql-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-sql-oracle-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-sql-oracle-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-sql-postgresql-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-sql-postgresql-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-tools-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-tools-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-xml-export-libs-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-xml-export-libs-2.5.3-177.el6sat")) flag++; if (rpm_exists(rpm:"spacewalk-backend-xmlrpc-2.5.3", release:"RHEL6") && rpm_check(release:"RHEL6", reference:"spacewalk-backend-xmlrpc-2.5.3-177.el6sat")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spacewalk-backend / spacewalk-backend-app / etc"); } }
Redhat
| rpms |
|