Amazon Linux AMI : libproxy (ALAS-2012-140)

2013-09-0400:00:00

www.tenable.com

383

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.014

Percentile

86.7%

JSON

A buffer overflow flaw was found in the way libproxy handled the downloading of proxy auto-configuration (PAC) files. A malicious server hosting a PAC file or a man-in-the-middle attacker could use this flaw to cause an application using libproxy to crash or, possibly, execute arbitrary code, if the proxy settings obtained by libproxy (from the environment or the desktop environment settings) instructed the use of a PAC proxy configuration. (CVE-2012-4505)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2012-140.
#

include("compat.inc");

if (description)
{
  script_id(69630);
  script_version("1.5");
  script_cvs_date("Date: 2018/04/18 15:09:34");

  script_cve_id("CVE-2012-4505");
  script_xref(name:"ALAS", value:"2012-140");
  script_xref(name:"RHSA", value:"2012:1461");

  script_name(english:"Amazon Linux AMI : libproxy (ALAS-2012-140)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A buffer overflow flaw was found in the way libproxy handled the
downloading of proxy auto-configuration (PAC) files. A malicious
server hosting a PAC file or a man-in-the-middle attacker could use
this flaw to cause an application using libproxy to crash or,
possibly, execute arbitrary code, if the proxy settings obtained by
libproxy (from the environment or the desktop environment settings)
instructed the use of a PAC proxy configuration. (CVE-2012-4505)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2012-140.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update libproxy' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libproxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libproxy-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libproxy-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libproxy-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libproxy-python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"libproxy-0.3.0-3.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libproxy-bin-0.3.0-3.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libproxy-debuginfo-0.3.0-3.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libproxy-devel-0.3.0-3.7.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"libproxy-python-0.3.0-3.7.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libproxy / libproxy-bin / libproxy-debuginfo / libproxy-devel / etc");
}

VendorProductVersionCPE
amazonlinuxlibproxyp-cpe:/a:amazon:linux:libproxy
amazonlinuxlibproxy-binp-cpe:/a:amazon:linux:libproxy-bin
amazonlinuxlibproxy-debuginfop-cpe:/a:amazon:linux:libproxy-debuginfo
amazonlinuxlibproxy-develp-cpe:/a:amazon:linux:libproxy-devel
amazonlinuxlibproxy-pythonp-cpe:/a:amazon:linux:libproxy-python
amazonlinuxcpe:/o:amazon:linux

Vendor	Product	Version	CPE
amazon	linux	libproxy	p-cpe:/a:amazon:linux:libproxy
amazon	linux	libproxy-bin	p-cpe:/a:amazon:linux:libproxy-bin
amazon	linux	libproxy-debuginfo	p-cpe:/a:amazon:linux:libproxy-debuginfo
amazon	linux	libproxy-devel	p-cpe:/a:amazon:linux:libproxy-devel
amazon	linux	libproxy-python	p-cpe:/a:amazon:linux:libproxy-python
amazon	linux		cpe:/o:amazon:linux