Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.F5_BIGIP_SOL16869.NASLHistorySep 14, 2015 - 12:00 a.m.
F5 Networks BIG-IP : logrotate vulnerability (SOL16869)
2015-09-1400:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.001
Percentile
17.0%
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution SOL16869.
#
# The text description of this plugin is (C) F5 Networks.
#
include("compat.inc");
if (description)
{
script_id(85917);
script_version("2.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/10");
script_cve_id("CVE-2011-1098");
script_bugtraq_id(47108);
script_name(english:"F5 Networks BIG-IP : logrotate vulnerability (SOL16869)");
script_summary(english:"Checks the BIG-IP version.");
script_set_attribute(
attribute:"synopsis",
value:"The remote device is missing a vendor-supplied security patch."
);
script_set_attribute(
attribute:"description",
value:
"Race condition in the createOutputFile function in logrotate.c in
logrotate 3.7.9 and earlier allows local users to read log data by
opening a file before the intended permissions are in place."
);
script_set_attribute(
attribute:"see_also",
value:"https://support.f5.com/csp/article/K16869"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL16869."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/30");
script_set_attribute(attribute:"patch_publication_date", value:"2015/07/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/14");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"F5 Networks Local Security Checks");
script_dependencies("f5_bigip_detect.nbin");
script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
exit(0);
}
include("f5_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
sol = "SOL16869";
vmatrix = make_array();
# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("11.3.0-11.6.0");
vmatrix["AFM"]["unaffected"] = make_list("12.0.0");
# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("11.4.0-11.6.0");
vmatrix["AM"]["unaffected"] = make_list("12.0.0");
# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("11.0.0-11.6.0","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("12.0.0");
# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.6.0","10.0.0-10.2.4");
vmatrix["ASM"]["unaffected"] = make_list("12.0.0");
# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.6.0");
vmatrix["AVR"]["unaffected"] = make_list("12.0.0");
# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("11.0.0-11.6.0","10.0.0-10.2.4");
vmatrix["LC"]["unaffected"] = make_list("12.0.0");
# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.6.0","10.0.0-10.2.4");
vmatrix["LTM"]["unaffected"] = make_list("12.0.0");
# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.6.0");
vmatrix["PEM"]["unaffected"] = make_list("12.0.0");
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
if (report_verbosity > 0) security_note(port:0, extra:bigip_report_get());
else security_note(0);
exit(0);
}
else
{
tested = bigip_get_tested_modules();
audit_extra = "For BIG-IP module(s) " + tested + ",";
if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
Related
debiancve
debiancve
CVE-2011-1098
2011-03-30 22:55:02
f5
f5
K16869 : logrotate vulnerability CVE-2011-1098
2015-09-11 00:00:00
SOL16869 - logrotate vulnerability CVE-2011-1098
2015-07-07 00:00:00
prion
prion
Race condition
2011-03-30 22:55:00
nvd
nvd
CVE-2011-1098
2011-03-30 22:55:02
cvelist
cvelist
CVE-2011-1098
2011-03-30 22:00:00
ubuntucve
ubuntucve
CVE-2011-1098
2011-03-30 00:00:00
CVE-2011-1548
2011-03-30 00:00:00
cve
cve
CVE-2011-1098
2011-03-30 22:55:02
nessus
nessus
SuSE 10 Security Update : logrotate (ZYPP Patch Number 7533)
2011-12-13 00:00:00
RHEL 5 : logrotate (Unpatched Vulnerability)
2024-06-03 00:00:00
SuSE 10 Security Update : logrotate (ZYPP Patch Number 7534)
2011-05-26 00:00:00
openvas
openvas
Mandriva Update for logrotate MDVSA-2011:065 (logrotate)
2011-04-11 00:00:00
Fedora Update for logrotate FEDORA-2011-3739
2011-04-19 00:00:00
Oracle: Security Advisory (ELSA-2011-0407)
2015-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: logrotate-3.7.9-8.fc15
2011-03-29 04:00:10
[SECURITY] Fedora 14 Update: logrotate-3.7.9-2.fc14
2011-04-11 20:59:43
redhat
redhat
(RHSA-2011:0407) Moderate: logrotate security update
2011-03-31 00:00:00
oraclelinux
oraclelinux
logrotate security update
2011-03-31 00:00:00
seebug
seebug
Red Hat Enterprise Linux logrotateδ»»ζζ§θ‘ε½δ»€εδΏ‘ζ―ζ³ι²ζΌζ΄
2011-04-02 00:00:00
securityvulns
securityvulns
[ MDVSA-2011:065 ] logrotate
2011-04-06 00:00:00
logrotate multiple security vulnerabilities
2011-07-26 00:00:00
[USN-1172-1] logrotate vulnerabilities
2011-07-26 00:00:00
gentoo
gentoo
logrotate: Multiple vulnerabilities
2012-06-25 00:00:00
ubuntu
ubuntu
logrotate vulnerabilities
2011-07-21 00:00:00
CVSS2
1.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.001
Percentile
17.0%
Related for F5_BIGIP_SOL16869.NASL