nessus | This script is Copyright (C) 2015-2021 Tenable Network Security, Inc. | FEDORA_2015-14330.NASL
HistorySep 08, 2015 - 12:00 a.m.

Fedora 21 : drupal6-ctools-1.14-1.fc21 (2015-14330)

2015-09-08 00:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
6

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.4%

**See Ctools - Critical - Multiple Vulnerabilities - SA-CONTRIB-2015-141.** This is an incremental security and bugfix release for ctools. Looking to fix future D6 CTools issues? Find japerry or merlinofchaos in #drupal-scotch, #drupal-contribute, or #drupal-panels – and become a maintainer for D6 CTools.

Changes since 6.x-1.13:

* Harden AJAX link handling
* Content type plugins do not properly inherit ‘edit’ permission
* Various lint fixes
* Fix typo
* Issue #2512850 by DamienMcKenna, mw4ll4c3: PHP 5.4+ compatibility
* Issue #2010124 by davidwhthomas: ctools_access_get_loggedin_context doesn’t fully load current user in context

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2015-14330.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Metadata registration. When the engine runs the script with `description`
# set, only the plugin's identity, references and prerequisites are declared
# and the script leaves via exit(0) before any host data is read.
if (description)
{
  script_id(85821);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # Only one CVE is attached, although the advisory title quoted in the
  # description below reads "Multiple Vulnerabilities"; consult the linked
  # SA-CONTRIB-2015-141 page for everything the update covers.
  script_cve_id("CVE-2015-6665");
  script_xref(name:"FEDORA", value:"2015-14330");

  script_name(english:"Fedora 21 : drupal6-ctools-1.14-1.fc21 (2015-14330)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  # The description is the advisory text as extracted by the vendor (see the
  # closing note inside the string). It is mostly upstream release notes; the
  # security-relevant entries are the AJAX link hardening and the 'edit'
  # permission inheritance fix.
  script_set_attribute(
    attribute:"description", 
    value:
"**See [Ctools - Critical - Multiple Vulnerabilities - SA-
CONTRIB-2015-141.](https://www.drupal.org/node/2554145)** **This is an
incremental security and bugfix release for ctools.** Looking to fix
future D6 CTools issues? Find japerry or merlinofchaos in
#drupal-scotch, #drupal- contribute, or #drupal-panels -- and become a
maintainer for D6 CTools. Changes since 6.x-1.13: * Harden AJAX link
handling * Content type plugins do not properly inherit 'edit'
permission * Various lint fixes * Fix typo * Issue \#2512850 by
DamienMcKenna, mw4ll4c3: PHP 5.4+ compatibility * Issue \#2010124 by
davidwhthomas: ctools_access_get_loggedin_context doesn't fully load
current user in context

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # References: the Red Hat Bugzilla entry, the Fedora package announcement
  # (behind a shortened link), and the Drupal advisory node.
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1256131"
  );
  # Target of the shortened link registered below:
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165724.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3948818e"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.drupal.org/node/2554145"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected drupal6-ctools package."
  );
  # CVSS v2 base vector: network-reachable, medium access complexity, no
  # authentication, partial integrity impact, no confidentiality or
  # availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  # "local" plugin type: the check body works from the host's release string
  # and RPM list (see script_require_keys below); it does not probe the
  # Drupal site itself.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:drupal6-ctools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/08");
  script_end_attributes();

  # NOTE(review): ACT_GATHER_INFO presumably marks a non-intrusive,
  # information-gathering check - confirm against the engine documentation.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # Prerequisites: ssh_get_info.nasl is declared as a dependency, and the
  # three KB keys listed here are the ones the check body reads. Without
  # them (for example on an uncredentialed scan) the check cannot produce
  # a finding, so a missing result is not evidence that the host is patched.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  # Metadata pass ends here; nothing below runs in description mode.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# ---------------------------------------------------------------------------
# Scope gates. Each failed gate hands a reason code to audit() (defined in
# audit.inc, not shown here). NOTE(review): audit() presumably ends the
# script - confirm. A host stopped by any gate produces no finding, which
# means "not assessed", not "patched".
# ---------------------------------------------------------------------------

# Local (credentialed) checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The stored release string must exist and mention Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
  audit(AUDIT_OS_NOT, "Fedora");

# Pull the numeric release out of the string; capture group 1 is the number.
ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(ver_match))
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = ver_match[1];

# Only Fedora 21 is in scope; the trailing alternation keeps a longer number
# that merely starts with "21" from matching.
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);

# The package inventory must have been collected.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: only x86_64 and i386-i686 hosts continue. Any other
# architecture is audited as "local checks not implemented" rather than
# compared against the fixed package, so those hosts get no verdict here.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# ---------------------------------------------------------------------------
# Package comparison and reporting.
# rpm_check(), rpm_report_get() and pkg_tests_get() are not defined in this
# script. NOTE(review): rpm_check() presumably returns true when
# an installed drupal6-ctools on FC21 is older than the reference build -
# confirm. The verdict rests on the RPM inventory alone: nothing here looks
# at whether the module is enabled in a Drupal site or reachable over the
# network, so triage a finding with that in mind.
# ---------------------------------------------------------------------------
flag = 0;
if (rpm_check(release:"FC21", reference:"drupal6-ctools-1.14-1.fc21"))
  flag = flag + 1;

if (!flag)
{
  # No outdated package matched: say which packages were examined, or that
  # drupal6-ctools is not installed at all.
  tested = pkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "drupal6-ctools");
}
else
{
  # Outdated package present: raise a warning-level finding on port 0 and,
  # when verbosity allows, attach the package report text.
  if (report_verbosity > 0)
    security_warning(port:0, extra:rpm_report_get());
  else
    security_warning(0);
  exit(0);
}
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| fedoraproject | fedora | drupal6-ctools | p-cpe:/a:fedoraproject:fedora:drupal6-ctools |
| fedoraproject | fedora | 21 | cpe:/o:fedoraproject:fedora:21 |

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

71.4%