Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310702638HistoryMar 03, 2013 - 12:00 a.m.
Debian: Security Advisory (DSA-2638-1)
2013-03-0300:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
10
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.049
Percentile
92.8%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.702638");
script_cve_id("CVE-2013-1794", "CVE-2013-1795");
script_tag(name:"creation_date", value:"2013-03-03 23:00:00 +0000 (Sun, 03 Mar 2013)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_name("Debian: Security Advisory (DSA-2638-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB6");
script_xref(name:"Advisory-ID", value:"DSA-2638-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2013/DSA-2638-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2638");
script_xref(name:"URL", value:"http://www.openafs.org/security");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'openafs' package(s) announced via the DSA-2638-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Multiple buffer overflows were discovered in OpenAFS, the implementation of the distributed filesystem AFS, which might result in denial of service or the execution of arbitrary code. Further information is available at [link moved to references].
For the stable distribution (squeeze), this problem has been fixed in version 1.4.12.1+dfsg-4+squeeze1.
For the unstable distribution (sid), this problem has been fixed in version 1.6.1-3.
We recommend that you upgrade your openafs packages.");
script_tag(name:"affected", value:"'openafs' package(s) on Debian 6.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB6") {
if(!isnull(res = isdpkgvuln(pkg:"libopenafs-dev", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpam-openafs-kaserver", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-client", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-dbg", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-dbserver", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-doc", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-fileserver", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-kpasswd", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-krb5", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-modules-dkms", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-modules-source", ver:"1.4.12.1+dfsg-4+squeeze1", rls:"DEB6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
securityvulns
securityvulns
OpenAFS buffer overflow
2013-03-11 00:00:00
[SECURITY] [DSA 2638-1] openafs security update
2013-03-11 00:00:00
nessus
nessus
Debian DSA-2638-1 : openafs - buffer overflow
2013-03-05 00:00:00
osv
osv
openafs - buffer overflow
2013-03-04 00:00:00
debian
debian
[SECURITY] [DSA 2638-1] openafs security update
2013-03-04 22:30:08
openvas
openvas
Debian Security Advisory DSA 2638-1 (openafs - buffer overflow)
2013-03-04 00:00:00
Gentoo Security Advisory GLSA 201404-05
2015-09-29 00:00:00
ubuntucve
ubuntucve
CVE-2013-1794
2013-03-14 00:00:00
CVE-2013-1795
2013-03-14 00:00:00
debiancve
debiancve
CVE-2013-1794
2013-03-14 03:13:37
CVE-2013-1795
2013-03-14 03:13:40
cvelist
cvelist
CVE-2013-1795
2013-03-12 16:00:00
CVE-2013-1794
2013-03-12 16:00:00
nvd
nvd
CVE-2013-1795
2013-03-14 03:13:40
CVE-2013-1794
2013-03-14 03:13:37
prion
prion
Integer overflow
2013-03-14 03:13:00
Buffer overflow
2013-03-14 03:13:00
cve
cve
CVE-2013-1795
2013-03-14 03:13:40
CVE-2013-1794
2013-03-14 03:13:37
freebsd
freebsd
net/openafs -- buffer overflow
2013-02-27 00:00:00
gentoo
gentoo
OpenAFS: Multiple vulnerabilities
2014-04-07 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.049
Percentile
92.8%
Related for OPENVAS:1361412562310702638