CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.0%
Two vulnerabilities were discovered in the client part of OpenAFS, a distributed file system.
CVE-2009-1251 An attacker with control of a file server or the ability to forge RX packets may be able to execute arbitrary code in kernel mode on an OpenAFS client, due to a vulnerability in XDR array decoding.
CVE-2009-1250 An attacker with control of a file server or the ability to forge RX packets may crash OpenAFS clients because of wrongly handled error return codes in the kernel module.
Note that in order to apply this security update, you must rebuild the OpenAFS kernel module. Be sure to also upgrade openafs-modules-source, build a new kernel module for your system following the instructions in /usr/share/doc/openafs-client/README.modules.gz, and then either stop and restart openafs-client or reboot the system to reload the kernel module.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1768. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(36135);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2009-1250", "CVE-2009-1251");
script_bugtraq_id(34404, 34407);
script_xref(name:"DSA", value:"1768");
script_name(english:"Debian DSA-1768-1 : openafs - several vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Two vulnerabilities were discovered in the client part of OpenAFS, a
distributed file system.
- CVE-2009-1251
An attacker with control of a file server or the ability
to forge RX packets may be able to execute arbitrary
code in kernel mode on an OpenAFS client, due to a
vulnerability in XDR array decoding.
- CVE-2009-1250
An attacker with control of a file server or the ability
to forge RX packets may crash OpenAFS clients because of
wrongly handled error return codes in the kernel module.
Note that in order to apply this security update, you must rebuild the
OpenAFS kernel module. Be sure to also upgrade openafs-modules-source,
build a new kernel module for your system following the instructions
in /usr/share/doc/openafs-client/README.modules.gz, and then either
stop and restart openafs-client or reboot the system to reload the
kernel module."
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2009-1251"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2009-1250"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2009/dsa-1768"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the openafs packages.
For the old stable distribution (etch), these problems have been fixed
in version 1.4.2-6etch2.
For the stable distribution (lenny), these problems have been fixed in
version 1.4.7.dfsg1-6+lenny1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(119, 189);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openafs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/04/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/11");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"4.0", prefix:"libopenafs-dev", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"4.0", prefix:"libpam-openafs-kaserver", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"4.0", prefix:"openafs-client", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"4.0", prefix:"openafs-dbg", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"4.0", prefix:"openafs-dbserver", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"4.0", prefix:"openafs-doc", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"4.0", prefix:"openafs-fileserver", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"4.0", prefix:"openafs-kpasswd", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"4.0", prefix:"openafs-krb5", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"4.0", prefix:"openafs-modules-source", reference:"1.4.2-6etch2")) flag++;
if (deb_check(release:"5.0", prefix:"libopenafs-dev", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libpam-openafs-kaserver", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"openafs-client", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"openafs-dbg", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"openafs-dbserver", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"openafs-doc", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"openafs-fileserver", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"openafs-kpasswd", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"openafs-krb5", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"openafs-modules-source", reference:"1.4.7.dfsg1-6+lenny1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");