Bug 364193 (CVE-2011-1597)

Summary:	<net-analyzer/openvas-manager-2.0.4: Privilege escalation with malicious plugins (CVE-2011-1597)
Product:	Gentoo Security	Reporter:	Tim Sammut (RETIRED) <underling>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	hanno
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://lists.wald.intevation.org/pipermail/openvas-announce/2011-April/000120.html
Whiteboard:	~1 [noglsa]
Package list:		Runtime testing required:	---

Description Tim Sammut (RETIRED) gentoo-dev

2011-04-20 02:30:29 UTC

From $URL:

This release fixes a severe security issue discovered after the release
of openvas-manager 2.0.2. By crafting a special report format plugin,
and knowing about the operating system on which OpenVAS Manager is
running, a rogue user was able to upload the plugin and execute
arbitrary code with the privileges of the user running the OpenVAS
Manager.

This release enforces strict permissions on sensitive OpenVAS Manager
files and will drop privileges when executing report format plugins if
it is running with potentially dangerous privileges. Furthermore, it
forces report formats to be trusted before executing them.

We strongly recommended upgrading existing installations of OpenVAS-4 to
openvas-manager 2.0.3.

Comment 1 Tim Sammut (RETIRED) gentoo-dev

2011-04-26 03:15:25 UTC

Adding CVE assignment per: http://www.openwall.com/lists/oss-security/2011/04/20/5.

Comment 2 Yury German Gentoo Infrastructure

2011-04-26 05:01:27 UTC

Previous opened Bug # 353191
https://bugs.gentoo.org/show_bug.cgi?id=353191

Comment 3 Sean Amoss (RETIRED) gentoo-dev

2012-02-29 00:44:26 UTC

(In reply to comment #0)
> We strongly recommended upgrading existing installations of OpenVAS-4 to
> openvas-manager 2.0.3.

Our =net-analyzer/openvas-4 now uses >=net-analyzer/openvas-manager-2.0.4 which is the only version. 

Closing [noglsa]