Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310702729HistoryJul 27, 2013 - 12:00 a.m.
Debian: Security Advisory (DSA-2729-1)
2013-07-2700:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
10
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.002
Percentile
59.3%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.702729");
script_cve_id("CVE-2013-4134", "CVE-2013-4135");
script_tag(name:"creation_date", value:"2013-07-27 22:00:00 +0000 (Sat, 27 Jul 2013)");
script_version("2024-02-02T05:06:04+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_name("Debian: Security Advisory (DSA-2729-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(6|7)");
script_xref(name:"Advisory-ID", value:"DSA-2729-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2013/DSA-2729-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2729");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'openafs' package(s) announced via the DSA-2729-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory: OPENAFS-SA-2013-003
In addition the encrypt option to the vos tool was fixed.
For the oldstable distribution (squeeze), these problems have been fixed in version 1.4.12.1+dfsg-4+squeeze2.
For the stable distribution (wheezy), these problems have been fixed in version 1.6.1-3+deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 1.6.5-1.
We recommend that you upgrade your openafs packages.");
script_tag(name:"affected", value:"'openafs' package(s) on Debian 6, Debian 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB6") {
if(!isnull(res = isdpkgvuln(pkg:"libopenafs-dev", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpam-openafs-kaserver", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-client", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-dbg", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-dbserver", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-doc", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-fileserver", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-kpasswd", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-krb5", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-modules-dkms", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-modules-source", ver:"1.4.12.1+dfsg-4+squeeze2", rls:"DEB6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB7") {
if(!isnull(res = isdpkgvuln(pkg:"libafsauthent1", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libafsrpc1", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libkopenafs1", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libopenafs-dev", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libpam-openafs-kaserver", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-client", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-dbg", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-dbserver", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-doc", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-fileserver", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-fuse", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-kpasswd", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-krb5", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-modules-dkms", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openafs-modules-source", ver:"1.6.1-3+deb7u1", rls:"DEB7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
Debian Security Advisory DSA 2729-1 (openafs - several vulnerabilities)
2013-07-28 00:00:00
Gentoo Security Advisory GLSA 201404-05
2015-09-29 00:00:00
nessus
nessus
Debian DSA-2729-1 : openafs - several vulnerabilities
2013-07-30 00:00:00
securityvulns
securityvulns
OpenAFS security vulnerabilities
2013-07-29 00:00:00
[SECURITY] [DSA 2729-1] openafs security update
2013-07-29 00:00:00
debian
debian
[SECURITY] [DSA 2729-1] openafs security update
2013-07-28 21:13:38
ubuntucve
ubuntucve
CVE-2013-4135
2013-11-05 00:00:00
CVE-2013-4134
2013-11-05 00:00:00
prion
prion
Command injection
2013-11-05 21:55:00
Design/Logic Flaw
2013-11-05 21:55:00
cvelist
cvelist
CVE-2013-4135
2013-11-05 21:00:00
CVE-2013-4134
2013-11-05 21:00:00
freebsd
freebsd
openafs -- single-DES cell-wide key brute force vulnerability
2013-07-24 00:00:00
cve
cve
CVE-2013-4134
2013-11-05 21:55:08
CVE-2013-4135
2013-11-05 21:55:12
debiancve
debiancve
CVE-2013-4134
2013-11-05 21:55:08
CVE-2013-4135
2013-11-05 21:55:12
nvd
nvd
CVE-2013-4134
2013-11-05 21:55:08
CVE-2013-4135
2013-11-05 21:55:12
gentoo
gentoo
OpenAFS: Multiple vulnerabilities
2014-04-07 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.7
Confidence
Low
EPSS
0.002
Percentile
59.3%
Related for OPENVAS:1361412562310702729