CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
50.5%
The Oracle Database Management Plug-In installed on the remote host is missing the October 2013 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the Enterprise Manager Base Platform component :
An unspecified flaw exists in the Schema Management subcomponent that allows an unauthenticated, remote attacker to impact integrity. (CVE-2013-3762)
An unspecified flaw exists in the DB Performance Advisories/UIs subcomponent that allows an unauthenticated, remote attacker to impact integrity.
(CVE-2013-5766)
Multiple unspecified flaws exist in the Storage Management subcomponent that allow an unauthenticated, remote attacker to impact integrity. (CVE-2013-5827, CVE-2013-5828)
#TRUSTED 89362e949d7bf702470fa79865988dac0a872f0194fa836fd4256d8a7fb6c2cb8c5f0b956c62580f826927446ea01ad1c9f826a32fb29652ca05e2be1562d8dec3c2dac165165ee875d3eeb0cc792b739e4453f5cc9e6c91be3cc375575ebebcfd05ac937e6841a6b3cb9b6fe0f5fb9412d901c211fab166e7a43f6da35039e88f4371fdcf706c65d46495eb0b8b30090577eb16d68eb8e944f6b6d7f323a9e6dc0f22f53ff8e327174b9ad50f9e9e6eea52beb1fe3d90d21bfafa9d877119346284200a2c634a8510c6de21f9547081e8dc1c1d2567f1d9b6880f24b93b3085d76ef9fa1b525edfcaed77e6c579a61b5e191cb67b2cffef9812ebf5732f2adbed47cebda7ef4d62af606cf6ce714ffa7c75be0b20975a497fc93a01315f6fe03893733e34f699ada269d0b8445efd9d783be3045d233958b4be859f0c5bdd5c4fba4e5f7717d1844105939d2d1679f28ef5e5862d6ae1112d752743d9103273e7a93e6c4d6915cca77a081925a55bae9d90e792dac23c541156a188af1df64c11e4b03d6d1a482f521fa929fb88084457293653b51381c1a8fac7d44ddfa3a2a1ef7bc2b2aa6c08e800260bf0174be425082b88b05e339e71d156f505c4c46b1524ddc16391764a63126f13f4a35ff236885c601ad0146b7048206622e2f087392c50ee6c3a111e65d1216767f0127d2e7b6f2f6f762286e2f080392fe34b5f
#TRUST-RSA-SHA256 23260b7dafd4f67c52498b362a9c90d98ed85c543f8c964c1698b7b653f2b90ebbade13763b9f45246e63813d7c8462437829c4ba63520e8596fec7abee0ee36e51cb3f163daa07d44fe42940de54bfb9726246231e92923d72aca8f793c15624e16550e03a041b471d83967745bc1a117de883bf725e757aeee7f3fa8f59df16273b057cd495f682fafa1421f6ea39f5c739fdda3d03a8fa513f4c8dff8b345ab9da9cf4ad41f68edd608cec11ef2bd28475f4ff92f9a534d6ada5df46e2ee06f1a4fa1924fc9430e503877e8f455f43c876e2d3392249cbd8aff7d6beb274f1758de0b32ee4e0ff8b882d3ca5d4a782d79fe203b1f7e4f9292b105ef4edc0bfeb7b838af9011cccb2fe2e7ef0a6b12837e989bb1f1e154bd16058b1fd34f7fe41887e383eb24fbde2bcc2afcb629df95e776bf144203b7ec6a1d6224286dcfb9cd6ab56dffc4ac08dc1029345a2e36e915b0b3393f13bc9a755a8f7084857e8e96619c952f93ec844a848574b697ecc0943ce4a75ed9c999174c8bf8580d22e3d43a3b565c4735694e0885f71e91e91062a78c6b4c54e82f124af9c26d71f6f35093ed0630875b1d5ffa6cd9834afeed1f675b5a1317d60f0164a06603a20802b5356183201230e179d6a93353281423bc5191629b04a42755118c0b43728494dfabfc707657244a015c4635077c6ed97fd66083092491e0e7389f2d8a254c
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(70546);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/27");
script_cve_id(
"CVE-2013-3762",
"CVE-2013-5766",
"CVE-2013-5827",
"CVE-2013-5828"
);
script_bugtraq_id(
63056,
63064,
63068,
63071
);
script_name(english:"Oracle Database Management Plug-In Unix (October 2013 CPU) (credentialed check)");
script_summary(english:"Checks for patch ID.");
script_set_attribute(attribute:"synopsis", value:
"A database management application installed on the remote host is
affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The Oracle Database Management Plug-In installed on the remote host is
missing the October 2013 Critical Patch Update (CPU). It is,
therefore, affected by multiple vulnerabilities in the Enterprise
Manager Base Platform component :
- An unspecified flaw exists in the Schema Management
subcomponent that allows an unauthenticated, remote
attacker to impact integrity. (CVE-2013-3762)
- An unspecified flaw exists in the DB Performance
Advisories/UIs subcomponent that allows an
unauthenticated, remote attacker to impact integrity.
(CVE-2013-5766)
- Multiple unspecified flaws exist in the Storage
Management subcomponent that allow an unauthenticated,
remote attacker to impact integrity. (CVE-2013-5827,
CVE-2013-5828)");
# http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ac29c174");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2013 Oracle
Critical Patch Update advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5828");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"agent", value:"all");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/15");
script_set_attribute(attribute:"patch_publication_date", value:"2013/10/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:enterprise_manager_plugin_for_database_control");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2013-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("ssh_func.inc");
include("telnet_func.inc");
include("hostlevel_funcs.inc");
include("local_detection_nix.inc");
enable_ssh_wrappers();
if (!is_sh_command_line_os()) exit(0, "Oracle Database Management Plug-In checks are not supported on the remote OS at this time.");
# We may support other protocols here
if ( islocalhost() )
{
if (!defined_func("pread")) exit(1, "'pread()' is not defined.");
info_t = INFO_LOCAL;
}
else
{
sock_g = ssh_open_connection();
if (!sock_g) audit(AUDIT_FN_FAIL, 'ssh_open_connection');
info_t = INFO_SSH;
}
# Find the inventory.xml file and read it in
# Parse the results to get the paths and version of the DB plugins
var info = "";
var cmd = 'cat /etc/oraInst.loc';
var cmd2 = "";
var buf = NULL;
var buf0 = NULL;
var args = [];
var path, version, item, chunk;
var paths = make_array();
var results = make_array();
buf0 = info_send_cmd(cmd:cmd);
# We want to handle that Grep and Sed within the plugin itself. This'll help breakup that large command
# and be more reliable then trusting the target box)
if (!empty_or_null(buf0))
{
cmd2 = 'cat ';
foreach item (split(buf0))
{
# Find any instances starting with inventory_loc= (It should be a path)
results = pregmatch(pattern:"inventory_loc=(.*?)(?:$|\n)", string:item);
if (!empty_or_null(results) && !empty_or_null(results[1]))
{
append_element(var:args, value:results[1] + '/ContentsXML/inventory.xml');
cmd2 += " '$" + max_index(args) + "$'";
}
}
}
# Here, we do the second cat in the original command. This will cat all the contents from the valid paths we discovered!
if (!empty_or_null(args))
{
buf = ldnix::run_cmd_template_wrapper(template:cmd2, args:args);
}
# continue with original code here.
# NOTE: that this is only going to look for the first instance of oms12c. We might come back to this later and adjust it
# to handle multiple instances (In the event that we have them)
if (buf)
{
buf = chomp(buf);
if ('HOME NAME="oms12c' >< buf)
{
chunk = strstr(buf, '<HOME NAME="oms12c') - '<HOME NAME="oms12c';
chunk = strstr(chunk, '<REFHOMELIST>') - '<REFHOMELIST>';
chunk = chunk - strstr(chunk, '</REFHOMELIST>');
chunk = chomp(chunk);
foreach item (split(chunk))
{
path = '';
# If the item is a DB 12.1.0.3 or 12.1.0.4 plugin, save the path
if (item =~ "/oracle\.sysman\.db\.oms\.plugin_[^/0-9]*12\.1\.0\.[2-4]($|[^0-9])")
{
path = ereg_replace(pattern:'^\\s+<REFHOME LOC="([^"]+)".*', string:item, replace:"\1");
version = strstr(path, 'plugin_') - 'plugin_';
paths[version] = path;
}
}
}
}
if (max_index(keys(paths)) == 0)
{
if (info_t == INFO_SSH) ssh_close_connection();
exit(0, "No affected Oracle Database Management Plug-Ins were detected on the remote host.");
}
# Loop over the DB Management Plug-In paths
info = '';
var patchid;
foreach version (keys(paths))
{
if ('12.1.0.2' >< version) patchid = '15985383';
else if ('12.1.0.3' >< version) patchid = '17171101';
else if ('12.1.0.4' >< version) patchid = '17366505';
path = paths[version];
buf = ldnix::run_cmd_template_wrapper(template:"cat '$1$'", args:[path + "/.patch_storage/interim_inventory.txt"]);
if (empty_or_null(buf))
info += ' ' + version + '\n';
else
{
# Parse the file to see what patches have been installed
buf = chomp(buf);
chunk = strstr(buf, '# apply: the patch to be applied.') - '# apply: the patch to be applied.';
chunk = chunk - strstr(chunk, '# apply: list of patches to be auto-rolled back.');
if (!empty_or_null(chunk))
chunk = chomp(substr(chunk, 1));
if (patchid >!< chunk)
info += ' ' + version + '\n';
}
}
if (info_t == INFO_SSH) ssh_close_connection();
if (info)
{
var report =
'\nThe following affected Oracle Database Managment Plug-Ins were detected' +
'\non the remote host :' +
'\n' +
info;
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : report
);
exit(0);
}
else audit(AUDIT_HOST_NOT, 'affected');