Lucene search
Copyright (C) 2013 Greenbone Networks GmbHOPENVAS:871071HistoryNov 21, 2013 - 12:00 a.m.
RedHat Update for coreutils RHSA-2013:1652-02
2013-11-2100:00:00
Copyright (C) 2013 Greenbone Networks GmbH
plugins.openvas.org
12
0.026 Low
EPSS
Percentile
90.3%
Check for the Version of coreutils
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for coreutils RHSA-2013:1652-02
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
if(description)
{
script_id(871071);
script_version("$Revision: 8542 $");
script_tag(name:"last_modification", value:"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $");
script_tag(name:"creation_date", value:"2013-11-21 10:43:37 +0530 (Thu, 21 Nov 2013)");
script_cve_id("CVE-2013-0221", "CVE-2013-0222", "CVE-2013-0223");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_name("RedHat Update for coreutils RHSA-2013:1652-02");
tag_insight = "The coreutils package contains the core GNU utilities. It is a combination
of the old GNU fileutils, sh-utils, and textutils packages.
It was discovered that the sort, uniq, and join utilities did not properly
restrict the use of the alloca() function. An attacker could use this flaw
to crash those utilities by providing long input strings. (CVE-2013-0221,
CVE-2013-0222, CVE-2013-0223)
These updated coreutils packages include numerous bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.
All coreutils users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
";
tag_affected = "coreutils on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)";
tag_solution = "Please Install the Updated Packages.";
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name: "RHSA", value: "2013:1652-02");
script_xref(name: "URL" , value: "https://www.redhat.com/archives/rhsa-announce/2013-November/msg00031.html");
script_tag(name: "summary" , value: "Check for the Version of coreutils");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone Networks GmbH");
script_family("Red Hat Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "RHENT_6")
{
if ((res = isrpmvuln(pkg:"coreutils", rpm:"coreutils~8.4~31.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"coreutils-debuginfo", rpm:"coreutils-debuginfo~8.4~31.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"coreutils-libs", rpm:"coreutils-libs~8.4~31.el6", rls:"RHENT_6")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Related
openvas
openvas
Fedora Update for coreutils FEDORA-2013-1455
2013-02-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1489-1)
2021-06-09 00:00:00
Oracle: Security Advisory (ELSA-2013-1652)
2015-10-06 00:00:00
nessus
nessus
Oracle Linux 6 : coreutils (ELSA-2013-1652)
2013-11-27 00:00:00
openSUSE Security Update : coreutils (openSUSE-SU-2013:0233-1)
2014-06-13 00:00:00
F5 Networks BIG-IP : SUSE coreutils vulnerabilities (SOL16859)
2015-09-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:59:11
Denial Of Service (DoS)
2019-05-02 04:59:11
Denial Of Service (DoS)
2019-01-15 08:51:48
securityvulns
securityvulns
[ MDVSA-2013:023 ] coreutils
2013-03-24 00:00:00
sort, uniq, join utilities resources exhaustion
2013-03-24 00:00:00
f5
f5
fedora
fedora
[SECURITY] Fedora 18 Update: coreutils-8.17-8.fc18
2013-02-01 16:28:29
redhat
redhat
(RHSA-2013:1652) Low: coreutils security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update
2013-11-21 00:00:00
centos
centos
coreutils security update
2013-11-26 13:31:16
amazon
amazon
Low: coreutils
2013-12-11 20:34:00
oraclelinux
oraclelinux
coreutils security, bug fix, and enhancement update
2013-11-25 00:00:00
debiancve
debiancve
cvelist
cvelist
ubuntucve
ubuntucve
cve
cve
prion
prion
cbl_mariner
cbl_mariner
CVE-2013-0223 affecting package coreutils 8.30-8
2020-11-30 19:30:46
CVE-2013-0221 affecting package coreutils 8.30-8
2020-11-30 19:30:46
CVE-2013-0222 affecting package coreutils 8.30-8
2020-11-30 19:30:46
nvd
nvd