Scientific Linux Security Update : nss-pam-ldapd on SL6.x i386/x86_64 (20130304)

2013-03-0500:00:00

www.tenable.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON

An array index error, leading to a stack-based buffer overflow flaw, was found in the way nss-pam-ldapd managed open file descriptors. An attacker able to make a process have a large number of open file descriptors and perform name lookups could use this flaw to cause the process to crash or, potentially, execute arbitrary code with the privileges of the user running the process. (CVE-2013-0288)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(65020);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2013-0288");

  script_name(english:"Scientific Linux Security Update : nss-pam-ldapd on SL6.x i386/x86_64 (20130304)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An array index error, leading to a stack-based buffer overflow flaw,
was found in the way nss-pam-ldapd managed open file descriptors. An
attacker able to make a process have a large number of open file
descriptors and perform name lookups could use this flaw to cause the
process to crash or, potentially, execute arbitrary code with the
privileges of the user running the process. (CVE-2013-0288)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=1547
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?00fe2927"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected nss-pam-ldapd and / or nss-pam-ldapd-debuginfo
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-pam-ldapd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nss-pam-ldapd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"nss-pam-ldapd-0.7.5-18.1.el6_4")) flag++;
if (rpm_check(release:"SL6", reference:"nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nss-pam-ldapd / nss-pam-ldapd-debuginfo");
}

VendorProductVersionCPE
fermilabscientific_linuxnss-pam-ldapdp-cpe:/a:fermilab:scientific_linux:nss-pam-ldapd
fermilabscientific_linuxnss-pam-ldapd-debuginfop-cpe:/a:fermilab:scientific_linux:nss-pam-ldapd-debuginfo
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Vendor	Product	Version	CPE
fermilab	scientific_linux	nss-pam-ldapd	p-cpe:/a:fermilab:scientific_linux:nss-pam-ldapd
fermilab	scientific_linux	nss-pam-ldapd-debuginfo	p-cpe:/a:fermilab:scientific_linux:nss-pam-ldapd-debuginfo
fermilab	scientific_linux		x-cpe:/o:fermilab:scientific_linux