6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
14.1%
The remote Solaris system is missing necessary patches to address security updates :
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Oracle Third Party software advisories.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(80665);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-3524");
script_name(english:"Oracle Solaris Third-Party Patch Update : libdbus (cve_2012_3524_permissions_privileges)");
script_summary(english:"Check for the 'entire' version.");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Solaris system is missing a security patch for third-party
software."
);
script_set_attribute(
attribute:"description",
value:
"The remote Solaris system is missing necessary patches to address
security updates :
- libdbus 1.5.x and earlier, when used in setuid or other
privileged programs in X.org and possibly other
products, allows local users to gain privileges and
execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS
environment variable. NOTE: libdbus maintainers state
that this is a vulnerability in the applications that do
not cleanse environment variables, not in libdbus
itself: 'we do not support use of libdbus in setuid
binaries that do not sanitize their environment before
their first call into libdbus.' (CVE-2012-3524)"
);
# https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?4a913f44"
);
# https://blogs.oracle.com/sunsecurity/cve-2012-3524-permissions,-privileges,-and-access-controls-vulnerability-in-libdbus
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?5a6fee51"
);
script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 12.4.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:libdbus");
script_set_attribute(attribute:"patch_publication_date", value:"2012/10/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
script_family(english:"Solaris Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Solaris11/release");
if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
pkg_list = solaris_pkg_list_leaves();
if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
if (empty_or_null(egrep(string:pkg_list, pattern:"^libdbus$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libdbus");
flag = 0;
if (solaris_check_release(release:"0.5.11-0.175.0.12.0.4.0", sru:"SRU 12.4") > 0) flag++;
if (flag)
{
error_extra = 'Affected package : libdbus\n' + solaris_get_report2();
error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
else security_warning(0);
exit(0);
}
else audit(AUDIT_PACKAGE_NOT_AFFECTED, "libdbus");