CVSS2
Attack Vector: ADJACENT_NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:A/AC:H/Au:N/C:C/I:C/A:C
AI Score Confidence: Low
EPSS Percentile: 74.4%
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1508 advisory.
VDSM is a management module that serves as a Red Hat Enterprise Virtualization Manager agent on Red Hat Enterprise Virtualization Hypervisor or Red Hat Enterprise Linux 6.3 hosts.
A flaw was found in the way Red Hat Enterprise Linux hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were stored in the /tmp/ directory and could be pre-created by an attacker. A local, unprivileged user on the host to be added to the Red Hat Enterprise Virtualization environment could use this flaw to escalate their privileges. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue. (CVE-2012-0860)
A flaw was found in the way Red Hat Enterprise Linux and Red Hat Enterprise Virtualization Hypervisor hosts were added to the Red Hat Enterprise Virtualization environment. The Python scripts needed to configure the host for Red Hat Enterprise Virtualization were downloaded in an insecure way, that is, without properly validating SSL certificates during HTTPS connections. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, potentially gaining root access to the host being added to the Red Hat Enterprise Virtualization environment. This update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also be installed to completely fix this issue. (CVE-2012-0861)
The CVE-2012-0860 and CVE-2012-0861 issues were discovered by Red Hat.
In addition to resolving the above security issues these updated VDSM packages fix various bugs, and add various enhancements.
Documentation for these bug fixes and enhancements is available in the Technical Notes:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Technical_Notes/index.html
All users who require VDSM are advised to install these updated packages which resolve these security issues, fix these bugs, and add these enhancements.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:1508. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(78941);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2012-0860", "CVE-2012-0861");
script_bugtraq_id(56825);
script_xref(name:"RHSA", value:"2012:1508");
script_name(english:"RHEL 6 : rhev-3.1.0 vdsm (RHSA-2012:1508)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2012:1508 advisory.
VDSM is a management module that serves as a Red Hat Enterprise
Virtualization Manager agent on Red Hat Enterprise Virtualization
Hypervisor or Red Hat Enterprise Linux 6.3 hosts.
A flaw was found in the way Red Hat Enterprise Linux hosts were added to
the Red Hat Enterprise Virtualization environment. The Python scripts
needed to configure the host for Red Hat Enterprise Virtualization were
stored in the /tmp/ directory and could be pre-created by an attacker. A
local, unprivileged user on the host to be added to the Red Hat Enterprise
Virtualization environment could use this flaw to escalate their
privileges. This update provides the VDSM part of the fix. The
RHSA-2012:1506 Red Hat Enterprise Virtualization Manager update must also
be installed to completely fix this issue. (CVE-2012-0860)
A flaw was found in the way Red Hat Enterprise Linux and Red Hat Enterprise
Virtualization Hypervisor hosts were added to the Red Hat Enterprise
Virtualization environment. The Python scripts needed to configure the host
for Red Hat Enterprise Virtualization were downloaded in an insecure way,
that is, without properly validating SSL certificates during HTTPS
connections. An attacker on the local network could use this flaw to
conduct a man-in-the-middle attack, potentially gaining root access to the
host being added to the Red Hat Enterprise Virtualization environment. This
update provides the VDSM part of the fix. The RHSA-2012:1506 Red Hat
Enterprise Virtualization Manager update must also be installed to
completely fix this issue. (CVE-2012-0861)
The CVE-2012-0860 and CVE-2012-0861 issues were discovered by Red Hat.
In addition to resolving the above security issues these updated VDSM
packages fix various bugs, and add various enhancements.
Documentation for these bug fixes and enhancements is available in the
Technical Notes:
https://access.redhat.com/knowledge/docs/en-
US/Red_Hat_Enterprise_Virtualization/3.1/html/Technical_Notes/index.html
All users who require VDSM are advised to install these updated packages
which resolve these security issues, fix these bugs, and add these
enhancements.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Virtualization/3.1/html/Technical_Notes/index.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1b979d61");
# https://access.redhat.com/security/data/csaf/v2/advisories/2012/rhsa-2012_1508.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?326e0902");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:1508");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=734847");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=744704");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=766281");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=772556");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=783383");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=790730");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=790754");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=797526");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=798635");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=800367");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=802759");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=806625");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=806757");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=807351");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=807687");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=811807");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=812793");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=813423");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=814435");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=815359");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=826467");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=826873");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=826921");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=829037");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=829645");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=829710");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=830485");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=830486");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=831528");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=832765");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=832798");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=833084");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=833099");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=833119");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=833425");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=833803");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=834008");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=834105");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=834205");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=835478");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=835784");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=835900");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=835920");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=836161");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=836562");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=836954");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=837054");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=837836");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=838347");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=838547");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=838802");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=838924");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=840294");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=840300");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=840386");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=840594");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=841863");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=842115");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=842146");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=842338");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=842662");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=842771");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=843076");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=843387");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=843498");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=844180");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=844294");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=844347");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=845193");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=845346");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=845525");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=845830");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=846004");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=846014");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=846307");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=846312");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=846323");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=846376");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=847518");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=847733");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=847744");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=848101");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=848299");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=848616");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=848728");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=849315");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=849542");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=851146");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=851839");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=852989");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=853011");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=853040");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=853703");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=853710");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=853910");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=853968");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854027");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854151");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854212");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854242");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854457");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854748");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854763");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854765");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854919");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=854953");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=855049");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=855425");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=855729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=855887");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=855918");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=855922");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=855924");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=856163");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=856167");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=857112");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=859109");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=862002");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=863265");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=865386");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=866163");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=866533");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867354");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867806");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867813");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=867922");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=868272");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=868681");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=868721");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=870024");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=870079");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=870734");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=870768");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=871355");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=871811");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=872270");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=872935");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=874481");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=876115");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=876558");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-0861");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2012-0860");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(295, 377);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/04");
script_set_attribute(attribute:"patch_publication_date", value:"2012/12/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:vdsm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:vdsm-cli");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:vdsm-hook-vhostmd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:vdsm-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:vdsm-reg");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/client/6/6Client/x86_64/rhev-agent/3/debug',
      'content/dist/rhel/client/6/6Client/x86_64/rhev-agent/3/os',
      'content/dist/rhel/client/6/6Client/x86_64/rhev-agent/3/source/SRPMS',
      'content/dist/rhel/server/6/6Server/x86_64/rhev-agent/3/debug',
      'content/dist/rhel/server/6/6Server/x86_64/rhev-agent/3/os',
      'content/dist/rhel/server/6/6Server/x86_64/rhev-agent/3/source/SRPMS',
      'content/dist/rhel/server/6/6Server/x86_64/rhev-mgmt-agent/3/debug',
      'content/dist/rhel/server/6/6Server/x86_64/rhev-mgmt-agent/3/os',
      'content/dist/rhel/server/6/6Server/x86_64/rhev-mgmt-agent/3/source/SRPMS',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/rhev-agent/3/debug',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/rhev-agent/3/os',
      'content/dist/rhel/workstation/6/6Workstation/x86_64/rhev-agent/3/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'vdsm-4.9.6-44.0.el6_3', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-'},
      {'reference':'vdsm-cli-4.9.6-44.0.el6_3', 'release':'6', 'el_string':'el6_3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-'},
      {'reference':'vdsm-hook-vhostmd-4.9.6-44.0.el6_3', 'release':'6', 'el_string':'el6_3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-'},
      {'reference':'vdsm-python-4.9.6-44.0.el6_3', 'cpu':'x86_64', 'release':'6', 'el_string':'el6_3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-'},
      {'reference':'vdsm-reg-4.9.6-44.0.el6_3', 'release':'6', 'el_string':'el6_3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-'}
    ]
  }
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vdsm / vdsm-cli / vdsm-hook-vhostmd / vdsm-python / vdsm-reg');
}