Vulnerabilities > CVE-2014-1693 - Command Injection vulnerability in Erlang Erlang/Otp R15B03
Summary
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv, (11) recv_bin, (12) recv_chunk_start, (13) send, (14) send_bin, (15) send_chunk_start, (16) append_chunk_start, (17) append, or (18) append_bin command. Because FTP control-channel commands are terminated by CRLF, an argument that reaches the control socket unfiltered can end the intended command and begin another. CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') (http://cwe.mitre.org/data/definitions/93.html)
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2014-15394.NASL description - Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17) - Trimmed dependency chain Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-12-02 plugin id 79647 published 2014-12-02 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79647 title Fedora 20 : erlang-R16B-03.9.fc20 (2014-15394) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-15394.
#
# Reviewer summary: local package-version check for CVE-2014-1693 on
# Fedora 20. It reads host facts from the scanner knowledge base and hands
# the reference build erlang-R16B-03.9.fc20 to rpm_check(). Nothing here
# talks to an FTP service, so a finding means "update missing", not
# "CRLF injection demonstrated on this host".
#

include("compat.inc");

# Registration pass: only plugin metadata is declared, then the script exits.
if (description)
{
  script_id(79647);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-1693");
  script_xref(name:"FEDORA", value:"2014-15394");

  script_name(english:"Fedora 20 : erlang-R16B-03.9.fc20 (2014-15394)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17) - Trimmed dependency chain Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1059331"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?bbf47824"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected erlang package."
  );
  # CVSS v2 as declared: network vector, low complexity, no authentication,
  # partial confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # "local" = the verdict comes from data collected on the host, not from a
  # network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:erlang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  # NOTE(review): "Host/cpu" is read further down but is not listed here.
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() comes from audit.inc (not shown); presumably it ends the plugin with
# the given reason code - confirm there.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must contain "Fedora" (`>!<` is NASL's "does not
# contain" substring test) and carry a parsable major version.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Only release 20 continues; the trailing group keeps a longer number that
# merely starts with "20" from matching.
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

# Without a collected rpm list there is nothing to compare.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: "x86_64" anywhere in the value, or exactly i386..i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed erlang rpm is older than the reference build - confirm.
flag = 0;
if (rpm_check(release:"FC20", reference:"erlang-R16B-03.9.fc20")) flag++;

if (flag)
{
  # Attach the text from rpm_report_get() only when report verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Choose the audit message by whether pkg_tests_get() returned any tested
  # package.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "erlang");
}
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-174.NASL description Updated erlang packages fixes security vulnerability : An FTP command injection flaw was found in Erlang last seen 2020-06-01 modified 2020-06-02 plugin id 82484 published 2015-04-01 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82484 title Mandriva Linux Security Advisory : erlang (MDVSA-2015:174) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2015:174.
# The text itself is copyright (C) Mandriva S.A.
#
# Reviewer summary: local package-version check for CVE-2014-1693 on
# Mandriva Business Server 2. Each erlang sub-package is compared against
# its R16B02-3.1.mbs2 reference build through rpm_check(). Nothing here
# talks to an FTP service, so a finding means "update missing", not
# "command injection demonstrated on this host".
#

include("compat.inc");

# Registration pass: only plugin metadata is declared, then the script exits.
if (description)
{
  script_id(82484);
  script_version("1.3");
  script_cvs_date("Date: 2019/08/02 13:32:57");

  script_cve_id("CVE-2014-1693");
  script_xref(name:"MDVSA", value:"2015:174");

  script_name(english:"Mandriva Linux Security Advisory : erlang (MDVSA-2015:174)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  # NOTE(review): the advisory text below says "A local attacker", while the
  # CVSS vector declared further down uses AV:N (network). The text is
  # copied from the vendor advisory; read the two together when triaging.
  # The same update also disables SSLv3 by default, so installing it
  # changes TLS behaviour as well as the FTP module.
  script_set_attribute(
    attribute:"description",
    value:
"Updated erlang packages fixes security vulnerability : An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module (CVE-2014-1693). This update also disables SSLv3 by default to mitigate the POODLE issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0553.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 as declared: network vector, low complexity, no authentication,
  # partial confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # "local" = the verdict comes from data collected on the host, not from a
  # network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # One CPE entry per erlang sub-package, in the same order as the
  # rpm_check() calls below.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-appmon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-asn1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-common_test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-compiler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-cosEvent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-cosEventDomain");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-cosFileTransfer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-cosNotification");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-cosProperty");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-cosTime");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-cosTransactions");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-crypto");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-dialyzer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-diameter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-docbuilder");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-edoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-eldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-emacs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-erl_docgen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-erl_interface");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-et");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-eunit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-gs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-hipe");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-ic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-inets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-jinterface");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-manpages");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-megaco");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-mnesia");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-observer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-orber");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-os_mon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-otp_mibs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-parsetools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-percept");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-pman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-public_key");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-reltool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-runtime_tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-ssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-ssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-stack");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-syntax_tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-test_server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-toolbar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-tv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-typer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-webtool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-wx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:erlang-xmerl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# audit() comes from audit.inc (not shown); presumably it ends the plugin with
# the given reason code - confirm there.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# NOTE(review): "Mandake" in the next message is spelled that way in the
# plugin; the architecture audit below uses "Mandrake".
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: exactly amd64, i386..i686 or x86_64.
# NOTE(review): every rpm_check() below passes cpu:"x86_64", so i386..i686
# hosts pass this gate but presumably match none of the references - confirm
# against rpm.inc before reading "not affected" as meaningful on 32-bit hosts.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed rpm is older than the reference build - confirm. flag counts
# how many sub-packages matched; only zero vs. non-zero is used afterwards.
flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-appmon-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-asn1-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-base-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-common_test-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-compiler-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-cosEvent-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-cosEventDomain-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-cosFileTransfer-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-cosNotification-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-cosProperty-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-cosTime-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-cosTransactions-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-crypto-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-debugger-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-devel-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-dialyzer-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-diameter-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-docbuilder-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-edoc-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-eldap-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-emacs-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-erl_docgen-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-erl_interface-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-et-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-eunit-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-gs-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-hipe-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-ic-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-inets-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-jinterface-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-manpages-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-megaco-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-mnesia-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-observer-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-odbc-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-orber-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-os_mon-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-otp_mibs-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-parsetools-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-percept-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-pman-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-public_key-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-reltool-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-runtime_tools-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-snmp-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-ssh-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-ssl-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-stack-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-syntax_tools-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-test_server-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-toolbar-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-tools-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-tv-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-typer-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-webtool-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-wx-R16B02-3.1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"erlang-xmerl-R16B02-3.1.mbs2")) flag++;


if (flag)
{
  # Attach the text from rpm_report_get() only when report verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
# Any run with no match ends here; this branch does not distinguish
# "patched" from "no erlang package installed".
else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3571-1.NASL description It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253) Hanno Bock, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages. (CVE-2017-1000385). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 106838 published 2018-02-15 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106838 title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : erlang vulnerabilities (USN-3571-1) (ROBOT) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3571-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
# Reviewer summary: local package-version check covering four Erlang CVEs on
# Ubuntu 14.04 / 16.04 / 17.10. There is one version comparison per release
# and a single finding for all four CVE ids. Per the description text,
# CVE-2014-1693 (FTP CRLF injection) applies to 14.04 only, so a finding on
# 16.04 or 17.10 relates to the other CVEs. Nothing here talks to a network
# service; a finding means "update missing".
#

include("compat.inc");

# Registration pass: only plugin metadata is declared, then the script exits.
if (description)
{
  script_id(106838);
  script_version("3.6");
  script_cvs_date("Date: 2019/09/18 12:31:48");

  script_cve_id("CVE-2014-1693", "CVE-2015-2774", "CVE-2016-10253", "CVE-2017-1000385");
  script_xref(name:"USN", value:"3571-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : erlang vulnerabilities (USN-3571-1) (ROBOT)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253) Hanno Bock, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages. (CVE-2017-1000385). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3571-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected erlang package."
  );
  # One set of CVSS vectors is declared for the whole plugin, i.e. for all
  # four CVE ids together rather than per CVE.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # "local" = the verdict comes from data collected on the host, not from a
  # network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:erlang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/15");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  # NOTE(review): "Host/local_checks_enabled" is tested below but is not
  # listed here.
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

# audit() comes from audit.inc (not shown); presumably it ends the plugin with
# the given reason code - confirm there.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only the three releases named in the notice continue; the anchored pattern
# requires the whole (chomped) value to be one of them.
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release);
# Without collected dpkg output there is nothing to compare.
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: "x86_64" anywhere in the value (`>!<` is NASL's "does
# not contain" substring test), or exactly i386..i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

# ubuntu_check() is defined in ubuntu.inc (not shown); presumably it is true
# when the installed erlang package on that release is older than pkgver -
# confirm. Only the "erlang" package name is compared.
flag = 0;

if (ubuntu_check(osver:"14.04", pkgname:"erlang", pkgver:"1:16.b.3-dfsg-1ubuntu2.2")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"erlang", pkgver:"1:18.3-dfsg-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"17.10", pkgname:"erlang", pkgver:"1:20.0.4+dfsg-1ubuntu1.1")) flag++;

if (flag)
{
  # The report always carries the text from ubuntu_report_get().
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  # Choose the audit message by whether ubuntu_pkg_tests_get() returned any
  # tested package.
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "erlang");
}
NASL family Fedora Local Security Checks NASL id FEDORA_2014-17009.NASL description - Ver. 17.4 - Disable SSLv3 - Backport useful os:getenv/2 from master. See this GitHub pull request for further details - https://github.com/erlang/otp/pull/535 - Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17) - Trimmed dependency chain Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-12-26 plugin id 80235 published 2014-12-26 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80235 title Fedora 21 : erlang-17.4-1.fc21 (2014-17009) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-17009.
#
# Reviewer summary: local package-version check for CVE-2014-1693 on
# Fedora 21. It reads host facts from the scanner knowledge base and hands
# the reference build erlang-17.4-1.fc21 to rpm_check(). Per the advisory
# text, the same update also disables SSLv3. Nothing here talks to an FTP
# service, so a finding means "update missing", not "CRLF injection
# demonstrated on this host".
#

include("compat.inc");

# Registration pass: only plugin metadata is declared, then the script exits.
if (description)
{
  script_id(80235);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-1693");
  script_xref(name:"FEDORA", value:"2014-17009");

  script_name(english:"Fedora 21 : erlang-17.4-1.fc21 (2014-17009)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Ver. 17.4 - Disable SSLv3 - Backport useful os:getenv/2 from master. See this GitHub pull request for further details - https://github.com/erlang/otp/pull/535 - Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17) - Trimmed dependency chain Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1059331"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://github.com/erlang/otp/pull/535"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146939.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e0ad7c24"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected erlang package."
  );
  # CVSS v2 as declared: network vector, low complexity, no authentication,
  # partial confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # "local" = the verdict comes from data collected on the host, not from a
  # network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:erlang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  # NOTE(review): "Host/cpu" is read further down but is not listed here.
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() comes from audit.inc (not shown); presumably it ends the plugin with
# the given reason code - confirm there.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must contain "Fedora" (`>!<` is NASL's "does not
# contain" substring test) and carry a parsable major version.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Only release 21 continues; the trailing group keeps a longer number that
# merely starts with "21" from matching.
if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver);

# Without a collected rpm list there is nothing to compare.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: "x86_64" anywhere in the value, or exactly i386..i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed erlang rpm is older than the reference build - confirm.
flag = 0;
if (rpm_check(release:"FC21", reference:"erlang-17.4-1.fc21")) flag++;

if (flag)
{
  # Attach the text from rpm_report_get() only when report verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Choose the audit message by whether pkg_tests_get() returned any tested
  # package.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "erlang");
}
NASL family Fedora Local Security Checks NASL id FEDORA_2014-16214.NASL description - Disable SSLv3 - Backport useful os:getenv/2 from master. See this GitHub pull request for further details - https://github.com/erlang/otp/pull/535 - Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17) - Trimmed dependency chain Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2014-12-15 plugin id 79921 published 2014-12-15 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79921 title Fedora 20 : erlang-R16B-03.10.fc20 (2014-16214) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2014-16214.
#
# Reviewer summary: local package-version check for CVE-2014-1693 on
# Fedora 20. It reads host facts from the scanner knowledge base and hands
# the reference build erlang-R16B-03.10.fc20 to rpm_check(). Per the
# advisory text, the same update also disables SSLv3. Nothing here talks to
# an FTP service, so a finding means "update missing", not "CRLF injection
# demonstrated on this host".
#

include("compat.inc");

# Registration pass: only plugin metadata is declared, then the script exits.
if (description)
{
  script_id(79921);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2014-1693");
  script_xref(name:"FEDORA", value:"2014-16214");

  script_name(english:"Fedora 20 : erlang-R16B-03.10.fc20 (2014-16214)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Disable SSLv3 - Backport useful os:getenv/2 from master. See this GitHub pull request for further details - https://github.com/erlang/otp/pull/535 - Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17) - Trimmed dependency chain Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1059331"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://github.com/erlang/otp/pull/535"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146184.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?425b2c12"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected erlang package."
  );
  # CVSS v2 as declared: network vector, low complexity, no authentication,
  # partial confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # "local" = the verdict comes from data collected on the host, not from a
  # network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:erlang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  # NOTE(review): "Host/cpu" is read further down but is not listed here.
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# audit() comes from audit.inc (not shown); presumably it ends the plugin with
# the given reason code - confirm there.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must contain "Fedora" (`>!<` is NASL's "does not
# contain" substring test) and carry a parsable major version.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Only release 20 continues; the trailing group keeps a longer number that
# merely starts with "20" from matching.
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

# Without a collected rpm list there is nothing to compare.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: "x86_64" anywhere in the value, or exactly i386..i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() is defined in rpm.inc (not shown); presumably it is true when
# the installed erlang rpm is older than the reference build - confirm.
flag = 0;
if (rpm_check(release:"FC20", reference:"erlang-R16B-03.10.fc20")) flag++;

if (flag)
{
  # Attach the text from rpm_report_get() only when report verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Choose the audit message by whether pkg_tests_get() returned any tested
  # package.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "erlang");
}
References
- http://advisories.mageia.org/MGASA-2014-0553.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html
- http://seclists.org/oss-sec/2014/q1/163
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:174
- https://bugzilla.redhat.com/show_bug.cgi?id=1059331
- https://usn.ubuntu.com/3571-1/