Lucene search
This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2010-0918.NASLHistoryJul 12, 2013 - 12:00 a.m.
Oracle Linux 6 : cvs (ELSA-2010-0918)
2013-07-1200:00:00
This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
10.1%
From Red Hat Security Advisory 2010:0918 :
An updated cvs package that fixes one security issue is now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Concurrent Version System (CVS) is a version control system that can record the history of your files.
An array index error, leading to a heap-based buffer overflow, was found in the way CVS applied certain delta fragment changes from input files in the RCS (Revision Control System file) format. If an attacker in control of a CVS repository stored a specially crafted RCS file in that repository, and then tricked a remote victim into checking out (updating their CVS repository tree) a revision containing that file, it could lead to arbitrary code execution with the privileges of the CVS server process on the system hosting the CVS repository.
(CVE-2010-3846)
Red Hat would like to thank Ralph Loader for reporting this issue.
All users of cvs are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2010:0918 and
# Oracle Linux Security Advisory ELSA-2010-0918 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(68149);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");
script_cve_id("CVE-2010-3846");
script_bugtraq_id(44528);
script_xref(name:"RHSA", value:"2010:0918");
script_name(english:"Oracle Linux 6 : cvs (ELSA-2010-0918)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"From Red Hat Security Advisory 2010:0918 :
An updated cvs package that fixes one security issue is now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.
Concurrent Version System (CVS) is a version control system that can
record the history of your files.
An array index error, leading to a heap-based buffer overflow, was
found in the way CVS applied certain delta fragment changes from input
files in the RCS (Revision Control System file) format. If an attacker
in control of a CVS repository stored a specially crafted RCS file in
that repository, and then tricked a remote victim into checking out
(updating their CVS repository tree) a revision containing that file,
it could lead to arbitrary code execution with the privileges of the
CVS server process on the system hosting the CVS repository.
(CVE-2010-3846)
Red Hat would like to thank Ralph Loader for reporting this issue.
All users of cvs are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2010-0918.html");
script_set_attribute(attribute:"solution", value:
"Update the affected cvs package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-3846");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/11/05");
script_set_attribute(attribute:"patch_publication_date", value:"2011/02/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cvs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var pkgs = [
{'reference':'cvs-1.11.23-11.el6_0.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cvs-1.11.23-11.el6_0.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release) {
if (exists_check) {
if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cvs');
}
Related
oraclelinux
oraclelinux
cvs security update
2011-02-10 00:00:00
redhat
redhat
(RHSA-2010:0918) Moderate: cvs security update
2010-11-29 00:00:00
nessus
nessus
Fedora 13 : cvs-1.11.23-10.fc13 (2010-16600)
2010-10-29 00:00:00
EulerOS Virtualization 3.0.1.0 : cvs (EulerOS-SA-2019-1455)
2019-05-14 00:00:00
Scientific Linux Security Update : cvs on SL6.x i386/x86_64
2012-08-01 00:00:00
openvas
openvas
Fedora Update for cvs FEDORA-2010-16721
2010-12-02 00:00:00
Fedora Update for cvs FEDORA-2010-16599
2010-11-16 00:00:00
Oracle: Security Advisory (ELSA-2010-0918)
2015-10-06 00:00:00
veracode
veracode
Privilege Escalation
2020-08-06 21:26:34
alpinelinux
alpinelinux
CVE-2010-3846
2010-11-05 17:00:02
cve
cve
CVE-2010-3846
2010-11-05 17:00:02
altlinux
altlinux
Security fix for the ALT Linux 5 package cvs version 1.11.23-alt3.M50P.1
2010-12-05 00:00:00
Security fix for the ALT Linux 5 package cvs version 1.11.23-alt4
2010-12-03 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: cvs-1.11.23-9.fc12
2010-11-01 20:56:14
[SECURITY] Fedora 14 Update: cvs-1.11.23-11.fc14
2010-11-04 23:32:29
[SECURITY] Fedora 13 Update: cvs-1.11.23-10.fc13
2010-10-28 22:21:07
ubuntucve
ubuntucve
CVE-2010-3846
2010-11-05 00:00:00
nvd
nvd
CVE-2010-3846
2010-11-05 17:00:02
cvelist
cvelist
CVE-2010-3846
2010-11-05 16:28:00
osv
osv
CVE-2010-3846
2010-11-05 17:00:00
prion
prion
Heap overflow
2010-11-05 17:00:00
debiancve
debiancve
CVE-2010-3846
2010-11-05 17:00:02
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
10.1%
Related for ORACLELINUX_ELSA-2010-0918.NASL