Vulnerabilities > CVE-2014-9653 - Improper Input Validation vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-1298.NASL description The GNU file utility was updated to version 5.22. Security issues fixed : - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 - add indirect relative for TIFF/Exif - restructure elf note printing to avoid repeated messages - add note limit, suggested by Alexander Cherepanov - Bail out on partial pread() last seen 2020-06-05 modified 2017-11-27 plugin id 104764 published 2017-11-27 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104764 title openSUSE Security Update : file (openSUSE-2017-1298) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-1298. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(104764); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"); script_name(english:"openSUSE Security Update : file (openSUSE-2017-1298)"); script_summary(english:"Check for the openSUSE-2017-1298 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The GNU file utility was updated to version 5.22. Security issues fixed : - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 - add indirect relative for TIFF/Exif - restructure elf note printing to avoid repeated messages - add note limit, suggested by Alexander Cherepanov - Bail out on partial pread()'s (Alexander Cherepanov) - Fix incorrect bounds check in file_printable (Alexander Cherepanov) - PR/405: ignore SIGPIPE from uncompress programs - change printable -> file_printable and use it in more places for safety - in ELF, instead of '(uses dynamic libraries)' when PT_INTERP is present print the interpreter name. Version update to file version 5.21 - there was an incorrect free in magic_load_buffers() - there was an out of bounds read for some pascal strings - there was a memory leak in magic lists - don't interpret strings printed from files using the current locale, convert them to ascii format first. - there was an out of bounds read in elf note reads Update to file version 5.20 - recognize encrypted CDF documents - add magic_load_buffers from Brooks Davis - add thumbs.db support Additional non-security bug fixes : - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws 'Composite Document File V2 Document, corrupt: Can't read SSAT' error against excel 97/2003 file format. (bsc#1009966) This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1009966" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063269" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910252" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910253" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=913650" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=913651" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=917152" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=996511" ); script_set_attribute(attribute:"solution", value:"Update the affected file packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:file-magic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmagic1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmagic1-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmagic1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmagic1-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"file-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"file-debuginfo-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"file-debugsource-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"file-devel-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"file-magic-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmagic1-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libmagic1-debuginfo-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"python-magic-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmagic1-32bit-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libmagic1-debuginfo-32bit-5.22-7.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-debuginfo-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-debugsource-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-devel-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"file-magic-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmagic1-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libmagic1-debuginfo-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"python-magic-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmagic1-32bit-5.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libmagic1-debuginfo-32bit-5.22-10.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-debuginfo / file-debugsource / file-devel / file-magic / etc"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-0760.NASL description From Red Hat Security Advisory 2016:0760 : An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 91149 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91149 title Oracle Linux 6 : file (ELSA-2016-0760) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:0760 and # Oracle Linux Security Advisory ELSA-2016-0760 respectively. # include("compat.inc"); if (description) { script_id(91149); script_version("2.4"); script_cvs_date("Date: 2019/09/27 13:00:37"); script_cve_id("CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"); script_xref(name:"RHSA", value:"2016:0760"); script_name(english:"Oracle Linux 6 : file (ELSA-2016-0760)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2016:0760 : An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2016-May/006057.html" ); script_set_attribute(attribute:"solution", value:"Update the affected file packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"file-5.04-30.el6")) flag++; if (rpm_check(release:"EL6", reference:"file-devel-5.04-30.el6")) flag++; if (rpm_check(release:"EL6", reference:"file-libs-5.04-30.el6")) flag++; if (rpm_check(release:"EL6", reference:"file-static-5.04-30.el6")) flag++; if (rpm_check(release:"EL6", reference:"python-magic-5.04-30.el6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-devel / file-libs / file-static / python-magic"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-2155.NASL description Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 86973 published 2015-11-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86973 title RHEL 7 : file (RHSA-2015:2155) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2155. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(86973); script_version("2.12"); script_cvs_date("Date: 2019/10/24 15:35:40"); script_cve_id("CVE-2014-0207", "CVE-2014-0237", "CVE-2014-0238", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9652", "CVE-2014-9653"); script_xref(name:"RHSA", value:"2015:2155"); script_name(english:"RHEL 7 : file (RHSA-2015:2155)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:2155" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0207" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0237" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-0238" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3478" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3479" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3480" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3487" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3538" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3587" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3710" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8116" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8117" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9652" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9653" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:2155"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"file-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"file-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"file-debuginfo-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"file-devel-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"file-libs-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"file-static-5.11-31.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"python-magic-5.11-31.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-debuginfo / file-devel / file-libs / file-static / etc"); } }NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0050.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3538 (unrestricted regular expression matching) - fix #1284826 - try to read ELF header to detect corrupted one - fix #1263987 - fix bugs found by coverity in the patch - fix CVE-2014-3587 (incomplete fix for CVE-2012-1571) - fix CVE-2014-3710 (out-of-bounds read in elf note headers) - fix CVE-2014-8116 (multiple DoS issues (resource consumption)) - fix CVE-2014-8117 (denial of service issue (resource consumption)) - fix CVE-2014-9620 (limit the number of ELF notes processed) - fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory) - fix #809898 - add support for detection of Python 2.7 byte-compiled files - fix #1263987 - fix coredump execfn detection on ppc64 and s390 - fix #966953 - include msooxml file in magic.mgc generation - fix #966953 - increate the strength of MSOOXML magic patterns - fix #1169509 - add support for Java 1.7 and 1.8 - fix #1243650 - comment out too-sensitive Pascal magic - fix #1080453 - remove .orig files from magic directory - fix #1161058 - add support for EPUB - fix #1162149 - remove parts of patches patching .orig files - fix #1154802 - fix detection of zip files containing file named mime - fix #1246073 - fix detection UTF8 and UTF16 encoded XML files - fix #1263987 - add new execfn to coredump output to show the real name of executable which generated the coredump - fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files - fix #966953 - backport support for MSOOXML last seen 2020-06-01 modified 2020-06-02 plugin id 91155 published 2016-05-16 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91155 title OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2016-0050. # include("compat.inc"); if (description) { script_id(91155); script_version("2.4"); script_cvs_date("Date: 2019/09/27 13:00:35"); script_cve_id("CVE-2012-1571", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"); script_bugtraq_id(52225, 68348, 69325, 70807, 71692, 71700, 71715, 72516); script_name(english:"OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2014-3538 (unrestricted regular expression matching) - fix #1284826 - try to read ELF header to detect corrupted one - fix #1263987 - fix bugs found by coverity in the patch - fix CVE-2014-3587 (incomplete fix for CVE-2012-1571) - fix CVE-2014-3710 (out-of-bounds read in elf note headers) - fix CVE-2014-8116 (multiple DoS issues (resource consumption)) - fix CVE-2014-8117 (denial of service issue (resource consumption)) - fix CVE-2014-9620 (limit the number of ELF notes processed) - fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory) - fix #809898 - add support for detection of Python 2.7 byte-compiled files - fix #1263987 - fix coredump execfn detection on ppc64 and s390 - fix #966953 - include msooxml file in magic.mgc generation - fix #966953 - increate the strength of MSOOXML magic patterns - fix #1169509 - add support for Java 1.7 and 1.8 - fix #1243650 - comment out too-sensitive Pascal magic - fix #1080453 - remove .orig files from magic directory - fix #1161058 - add support for EPUB - fix #1162149 - remove parts of patches patching .orig files - fix #1154802 - fix detection of zip files containing file named mime - fix #1246073 - fix detection UTF8 and UTF16 encoded XML files - fix #1263987 - add new execfn to coredump output to show the real name of executable which generated the coredump - fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files - fix #966953 - backport support for MSOOXML" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000460.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000464.html" ); script_set_attribute( attribute:"solution", value:"Update the affected file / file-libs packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:file-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/17"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "(3\.3|3\.4)" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3 / 3.4", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"file-5.04-30.el6")) flag++; if (rpm_check(release:"OVS3.3", reference:"file-libs-5.04-30.el6")) flag++; if (rpm_check(release:"OVS3.4", reference:"file-5.04-30.el6")) flag++; if (rpm_check(release:"OVS3.4", reference:"file-libs-5.04-30.el6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-libs"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3196.NASL description Hanno Boeck discovered that file last seen 2020-03-17 modified 2015-03-19 plugin id 81927 published 2015-03-19 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81927 title Debian DSA-3196-1 : file - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3196. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(81927); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-9653"); script_xref(name:"DSA", value:"3196"); script_name(english:"Debian DSA-3196-1 : file - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Hanno Boeck discovered that file's ELF parser is suspectible to denial of service." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/file" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2015/dsa-3196" ); script_set_attribute( attribute:"solution", value: "Upgrade the file packages. For the stable distribution (wheezy), this problem has been fixed in version 5.11-2+deb7u8. For the upcoming stable distribution (jessie), this problem has been fixed in version 1:5.22+15-1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:file"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"file", reference:"5.11-2+deb7u8")) flag++; if (deb_check(release:"7.0", prefix:"libmagic-dev", reference:"5.11-2+deb7u8")) flag++; if (deb_check(release:"7.0", prefix:"libmagic1", reference:"5.11-2+deb7u8")) flag++; if (deb_check(release:"7.0", prefix:"python-magic", reference:"5.11-2+deb7u8")) flag++; if (deb_check(release:"7.0", prefix:"python-magic-dbg", reference:"5.11-2+deb7u8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-42.NASL description The remote host is affected by the vulnerability described in GLSA-201701-42 (file: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated system to process a specially crafted input file, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition or have other unspecified impacts. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96576 published 2017-01-18 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96576 title GLSA-201701-42 : file: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201701-42. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(96576); script_version("$Revision: 3.1 $"); script_cvs_date("$Date: 2017/01/18 14:49:21 $"); script_cve_id("CVE-2014-3710", "CVE-2014-9652", "CVE-2014-9653", "CVE-2015-8865"); script_xref(name:"GLSA", value:"201701-42"); script_name(english:"GLSA-201701-42 : file: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201701-42 (file: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in file. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated system to process a specially crafted input file, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition or have other unspecified impacts. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201701-42" ); script_set_attribute( attribute:"solution", value: "All file users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/file-5.23'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:file"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-apps/file", unaffected:make_list("ge 5.23"), vulnerable:make_list("lt 5.23"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file"); }NASL family Web Servers NASL id HPSMH_7_5.NASL description According to the web server last seen 2020-06-01 modified 2020-06-02 plugin id 84923 published 2015-07-22 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84923 title HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84923); script_version("1.17"); script_cvs_date("Date: 2018/07/12 19:01:16"); script_cve_id( "CVE-2014-0118", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-3523", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-8142", "CVE-2014-8275", "CVE-2014-9427", "CVE-2014-9652", "CVE-2014-9653", "CVE-2014-9705", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1787", "CVE-2015-2134", "CVE-2015-2301", "CVE-2015-2331", "CVE-2015-2348", "CVE-2015-2787" ); script_bugtraq_id( 68678, 68742, 68745, 68747, 71791, 71833, 71934, 71935, 71936, 71937, 71939, 71940, 71941, 71942, 72505, 72516, 72539, 72541, 72701, 73031, 73037, 73225, 73226, 73227, 73228, 73229, 73230, 73231, 73232, 73234, 73235, 73237, 73238, 73239, 73431, 73434, 75961 ); script_xref(name:"HP", value:"SSRT102109"); script_xref(name:"HP", value:"HPSBMU03380"); script_xref(name:"HP", value:"emr_na-c04746490"); script_xref(name:"CERT", value:"243585"); script_name(english:"HP System Management Homepage 7.3.x / 7.4.x < 7.5.0 Multiple Vulnerabilities (FREAK)"); script_summary(english:"Checks version in the banner."); script_set_attribute(attribute:"synopsis", value: "The remote web server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote web server is prior to 7.5.0. It is, therefore, affected by multiple vulnerabilities : - A flaw exists within the 'mod_deflate' module when handling highly compressed bodies. A remote attacker can exploit this, via a specially crafted request, to exhaust memory and CPU resources, resulting in a denial of service condition. (CVE-2014-0118) - The 'mod_status' module contains a race condition that can be triggered when handling the scoreboard. A remote attacker can exploit this to cause a denial of service, execute arbitrary code, or obtain sensitive credential information. (CVE-2014-0226) - The 'mod_cgid' module lacks a time out mechanism. A remote attacker can exploit this, via a specially crafted request, to cause child processes to linger indefinitely, filling up the scoreboard and resulting in a denial of service vulnerability. (CVE-2014-0231) - A flaw exists in WinNT MPM versions 2.4.1 to 2.4.9 when using the default AcceptFilter. An attacker can exploit this, via specially crafted requests. to create a memory leak, resulting in a denial of service condition. (CVE-2014-3523) - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using an unexpected handshake, to crash the daemon, resulting in a denial of service. (CVE-2014-3569) - The BIGNUM squaring (BN_sqr) implementation does not properly calculate the square of a BIGNUM value. This allows remote attackers to defeat cryptographic protection mechanisms. (CVE-2014-3570) - A NULL pointer dereference flaw exists in the dtls1_get_record() function when handling DTLS messages. A remote attacker, using a specially crafted DTLS message, can cause a denial of service. (CVE-2014-3571) - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows a remote attacker to trigger a loss of forward secrecy from the ciphersuite. (CVE-2014-3572) - A use-after-free error exists in the 'process_nested_data' function within 'ext/standard/var_unserializer.re' due to improper handling of duplicate keys within the serialized properties of an object. A remote attacker, using a specially crafted call to the 'unserialize' method, can exploit this flaw to execute arbitrary code on the system. (CVE-2014-8142) - A flaw exists when accepting non-DER variations of certificate signature algorithms and signature encodings due to a lack of enforcement of matches between signed and unsigned portions. A remote attacker, by including crafted data within a certificate's unsigned portion, can bypass fingerprint-based certificate-blacklist protection mechanisms. (CVE-2014-8275) - An out-of-bounds read flaw in file 'cgi_main.c' exists when nmap is used to process an invalid file that begins with a hash character (#) but lacks a newline character. A remote attacker, using a specially crafted PHP file, can exploit this vulnerability to disclose memory contents, cause a denial of service, or possibly execute code. (CVE-2014-9427) - An out-of-bounds read error exists in the Fine Free File component that is bundled with PHP. A remote attacker can exploit this to cause a denial of service condition or the disclosure of sensitive information. (CVE-2014-9652) - A memory corruption issue exists in the Fine Free File component that is bundled with PHP. A remote attacker can exploit this to cause an unspecified impact. (CVE-2014-9653) - A heap buffer overflow condition exists in PHP in the enchant_broker_request_dict() function due to improper validation of user-supplied input. An attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2014-9705) - A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites which can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0204) - A flaw exists when accepting DH certificates for client authentication without the CertificateVerify message. This allows a remote attacker to authenticate to the service without a private key. (CVE-2015-0205) - A memory leak occurs in dtls1_buffer_record() when handling a saturation of DTLS records containing the same number sequence but for the next epoch. This allows a remote attacker to cause a denial of service. (CVE-2015-0206) - A flaw exists in the DTLSv1_listen() function due to state being preserved in the SSL object from one invocation to the next. A remote attacker can exploit this, via crafted DTLS traffic, to cause a segmentation fault, resulting in a denial of service. (CVE-2015-0207) - A flaw exists in the rsa_item_verify() function due to improper implementation of ASN.1 signature verification. A remote attacker can exploit this, via an ASN.1 signature using the RSA PSS algorithm and invalid parameters, to cause a NULL pointer dereference, resulting in a denial of service. (CVE-2015-0208) - A use-after-free condition exists in the d2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209) - A use-after-free memory error exists in the process_nested_data() function in 'var_unserializer.re' due to improper handling of duplicate numerical keys within the serialized properties of an object. A remote attacker, using a crafted unserialize method call, can exploit this vulnerability to execute arbitrary code. (CVE-2015-0231) - A flaw exists in the exif_process_unicode() function in 'exif.c' that allows freeing an uninitialized pointer. A remote attacker, using specially crafted EXIF data in a JPEG image, can exploit this to cause a denial of service or to execute arbitrary code. (CVE-2015-0232) - A use-after-free flaw exists in the function php_date_timezone_initialize_from_hash() within the 'ext/date/php_date.c' script. An attacker can exploit this to access sensitive information or crash applications linked to PHP. (CVE-2015-0273) - A flaw exists in the ssl3_client_hello() function due to improper validation of a PRNG seed before proceeding with a handshake, resulting in insufficient entropy and predictable output. This allows a man-in-the-middle attacker to defeat cryptographic protection mechanisms via a brute-force attack, resulting in the disclosure of sensitive information. (CVE-2015-0285) - An invalid read error exists in the ASN1_TYPE_cmp() function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286) - A flaw exists in the ASN1_item_ex_d2i() function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287) - A NULL pointer dereference flaw exists in the X509_to_X509_REQ() function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288) - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer ContentInfo. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289) - A flaw exists with the 'multiblock' feature in the ssl3_write_bytes() function due to improper handling of certain non-blocking I/O cases. This allows a remote attacker to cause failed connections or a segmentation fault, resulting in a denial of service. (CVE-2015-0290) - A NULL pointer dereference flaw exists when handling clients attempting to renegotiate using an invalid signature algorithm extension. A remote attacker can exploit this to cause a denial of service. (CVE-2015-0291) - An integer underflow condition exists in the EVP_DecodeUpdate() function due to improper validation of base64 encoded input when decoding. This allows a remote attacker, using maliciously crafted base64 data, to cause a segmentation fault or memory corruption, resulting in a denial of service or possibly the execution of arbitrary code. (CVE-2015-0292) - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293) - A flaw exists in the ssl3_get_client_key_exchange() function when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled. This allows a remote attacker, via a ClientKeyExchange message with a length of zero, to cause a denial of service. (CVE-2015-1787) - A cross-site request forgery (XSRF) vulnerability exists due to the lack of a unique token when performing sensitive actions via HTTP requests. (CVE-2015-2134) - A use-after-free error exists in the function phar_rename_archive() in file 'phar_object.c'. A remote attacker, by attempting to rename a phar archive to an already existing file name, can exploit this to cause a denial of service. (CVE-2015-2301) - A use-after-free error exists related to function 'unserialize', which can allow a remote attacker to execute arbitrary code. Note that this issue is due to an incomplete fix for CVE-2014-8142. (CVE-2015-0231) - A filter bypass vulnerability exists due to a flaw in the move_uploaded_file() function in which pathnames are truncated when a NULL byte is encountered. This allows a remote attacker, via a crafted second argument, to bypass intended extension restrictions and create files with unexpected names. (CVE-2015-2348) - A user-after-free error exists in the process_nested_data() function. This allows a remote attacker, via a crafted unserialize call, to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-2787)"); # http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81e217d7"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20150108.txt"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/news/secadv/20150319.txt"); script_set_attribute(attribute:"see_also", value:"https://www.smacktls.com/#freak"); script_set_attribute(attribute:"solution", value: "Upgrade to HP System Management Homepage (SMH) version 7.5.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/14"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/22"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:system_management_homepage"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"in_the_news", value:"true"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_dependencies("compaq_wbem_detect.nasl", "os_fingerprint.nasl"); script_require_keys("www/hp_smh"); script_require_ports("Services/www", 2301, 2381); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); get_kb_item_or_exit("www/hp_smh"); # Only Linux and Windows are affected -- HP-UX is not mentioned if (report_paranoia < 2) { os = get_kb_item_or_exit("Host/OS"); if ("Windows" >!< os && "Linux" >!< os) audit(AUDIT_OS_NOT, "Windows or Linux", os); } port = get_http_port(default:2381, embedded:TRUE); install = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE); dir = install['dir']; version = install['ver']; prod = get_kb_item_or_exit("www/"+port+"/hp_smh/variant"); if (version == UNKNOWN_VER) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' is unknown.'); # nb: 'version' can have non-numeric characters in it so we'll create # an alternate form and make sure that's safe for use in 'ver_compare()'. version_alt = ereg_replace(pattern:"[_-]", replace:".", string:version); if (!ereg(pattern:"^[0-9][0-9.]+$", string:version_alt)) exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+"/")+' does not look valid ('+version+').'); fixed_version = '7.5'; if ( version_alt =~ "^7\.[34]([^0-9]|$)" && ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1 ) { source_line = get_kb_item("www/"+port+"/hp_smh/source"); report = '\n Product : ' + prod; if (!isnull(source_line)) report += '\n Version source : ' + source_line; report += '\n Installed version : ' + version_alt + '\n Fixed version : ' + fixed_version + '\n'; security_report_v4(severity:SECURITY_HOLE, port:port, extra:report, xsrf:TRUE); } else audit(AUDIT_LISTEN_NOT_VULN, prod, port, version);NASL family Scientific Linux Local Security Checks NASL id SL_20151119_FILE_ON_SL7_X.NASL description Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. last seen 2020-03-18 modified 2015-12-22 plugin id 87555 published 2015-12-22 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87555 title Scientific Linux Security Update : file on SL7.x x86_64 (20151119) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(87555); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2014-0207", "CVE-2014-0237", "CVE-2014-0238", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9652", "CVE-2014-9653"); script_name(english:"Scientific Linux Security Update : file on SL7.x x86_64 (20151119)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=11400 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?682bffd8" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-magic"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"file-5.11-31.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"file-debuginfo-5.11-31.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"file-devel-5.11-31.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"file-libs-5.11-31.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"file-static-5.11-31.el7")) flag++; if (rpm_check(release:"SL7", reference:"python-magic-5.11-31.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-debuginfo / file-devel / file-libs / file-static / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2015-2020.NASL description Update to File-5.22. Fixes various CVE bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-02-18 plugin id 81394 published 2015-02-18 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81394 title Fedora 21 : file-5.22-2.fc21 (2015-2020) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-2020. # include("compat.inc"); if (description) { script_id(81394); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"); script_xref(name:"FEDORA", value:"2015-2020"); script_name(english:"Fedora 21 : file-5.22-2.fc21 (2015-2020)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to File-5.22. Fixes various CVE bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1171580" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1174606" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1180639" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1180642" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1190116" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150121.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c5b0ed5b" ); script_set_attribute(attribute:"solution", value:"Update the affected file package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:file"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC21", reference:"file-5.22-2.fc21")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-3048-1.NASL description The GNU file utility was updated to version 5.22. Security issues fixed : - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 - add indirect relative for TIFF/Exif - restructure elf note printing to avoid repeated messages - add note limit, suggested by Alexander Cherepanov - Bail out on partial pread() last seen 2020-06-01 modified 2020-06-02 plugin id 104777 published 2017-11-27 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/104777 title SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2017:3048-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2017:3048-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(104777); script_version("3.7"); script_cvs_date("Date: 2019/09/11 11:22:16"); script_cve_id("CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"); script_bugtraq_id(71692, 71700, 71714, 71715, 72516); script_name(english:"SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2017:3048-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The GNU file utility was updated to version 5.22. Security issues fixed : - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) Version update to file version 5.22 - add indirect relative for TIFF/Exif - restructure elf note printing to avoid repeated messages - add note limit, suggested by Alexander Cherepanov - Bail out on partial pread()'s (Alexander Cherepanov) - Fix incorrect bounds check in file_printable (Alexander Cherepanov) - PR/405: ignore SIGPIPE from uncompress programs - change printable -> file_printable and use it in more places for safety - in ELF, instead of '(uses dynamic libraries)' when PT_INTERP is present print the interpreter name. Version update to file version 5.21 - there was an incorrect free in magic_load_buffers() - there was an out of bounds read for some pascal strings - there was a memory leak in magic lists - don't interpret strings printed from files using the current locale, convert them to ascii format first. - there was an out of bounds read in elf note reads Update to file version 5.20 - recognize encrypted CDF documents - add magic_load_buffers from Brooks Davis - add thumbs.db support The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1009966" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1063269" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=910252" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=910253" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=913650" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=913651" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=917152" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=996511" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8116/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8117/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9620/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9621/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9653/" ); # https://www.suse.com/support/update/announcement/2017/suse-su-20173048-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ac727fb8" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1881=1 SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1881=1 SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1881=1 SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1881=1 SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1881=1 SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1881=1 SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1881=1 SUSE Container as a Service Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2017-1881=1 OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1881=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:file-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:file-magic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmagic1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libmagic1-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/17"); script_set_attribute(attribute:"patch_publication_date", value:"2017/11/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2/3", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"3", reference:"file-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"file-debuginfo-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"file-debugsource-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"file-magic-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libmagic1-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libmagic1-debuginfo-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libmagic1-32bit-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"3", reference:"libmagic1-debuginfo-32bit-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"file-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"file-debuginfo-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"file-debugsource-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"file-magic-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libmagic1-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libmagic1-debuginfo-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libmagic1-32bit-5.22-10.3.1")) flag++; if (rpm_check(release:"SLES12", sp:"2", reference:"libmagic1-debuginfo-32bit-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"file-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"file-debuginfo-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"file-debugsource-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"file-magic-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmagic1-32bit-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmagic1-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmagic1-debuginfo-32bit-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libmagic1-debuginfo-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"file-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"file-debuginfo-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"file-debugsource-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"file-magic-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmagic1-32bit-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmagic1-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmagic1-debuginfo-32bit-5.22-10.3.1")) flag++; if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libmagic1-debuginfo-5.22-10.3.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2015-497.NASL description The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. (CVE-2014-9620) The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (CVE-2014-8116) It was reported that a malformed elf file can cause file urility to access invalid memory. (CVE-2014-9653) The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. (CVE-2014-9621) softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (CVE-2014-8117) last seen 2020-06-01 modified 2020-06-02 plugin id 82046 published 2015-03-25 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82046 title Amazon Linux AMI : file (ALAS-2015-497) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2015-497. # include("compat.inc"); if (description) { script_id(82046); script_version("1.3"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"); script_xref(name:"ALAS", value:"2015-497"); script_name(english:"Amazon Linux AMI : file (ALAS-2015-497)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. (CVE-2014-9620) The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (CVE-2014-8116) It was reported that a malformed elf file can cause file urility to access invalid memory. (CVE-2014-9653) The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. (CVE-2014-9621) softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (CVE-2014-8117)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2015-497.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update file' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-magic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"file-5.22-2.29.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"file-debuginfo-5.22-2.29.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"file-devel-5.22-2.29.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"file-libs-5.22-2.29.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"file-static-5.22-2.29.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"python26-magic-5.22-2.29.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"python27-magic-5.22-2.29.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-debuginfo / file-devel / file-libs / file-static / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3686-1.NASL description Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9653) It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8865) It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service. (CVE-2018-10360). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 110552 published 2018-06-15 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110552 title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : file vulnerabilities (USN-3686-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3686-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(110552); script_version("1.3"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653", "CVE-2015-8865", "CVE-2018-10360"); script_xref(name:"USN", value:"3686-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : file vulnerabilities (USN-3686-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620) Alexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9653) It was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8865) It was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service. (CVE-2018-10360). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3686-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected file and / or libmagic1 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmagic1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/21"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|17\.10|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10 / 18.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"file", pkgver:"1:5.14-2ubuntu3.4")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libmagic1", pkgver:"1:5.14-2ubuntu3.4")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"file", pkgver:"1:5.25-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libmagic1", pkgver:"1:5.25-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"file", pkgver:"1:5.32-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"libmagic1", pkgver:"1:5.32-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"file", pkgver:"1:5.32-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libmagic1", pkgver:"1:5.32-2ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / libmagic1"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-2155.NASL description Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87137 published 2015-12-02 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87137 title CentOS 7 : file (CESA-2015:2155) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2155 and # CentOS Errata and Security Advisory 2015:2155 respectively. # include("compat.inc"); if (description) { script_id(87137); script_version("2.9"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2014-0207", "CVE-2014-0237", "CVE-2014-0238", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9652", "CVE-2014-9653"); script_xref(name:"RHSA", value:"2015:2155"); script_name(english:"CentOS 7 : file (CESA-2015:2155)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues." ); # https://lists.centos.org/pipermail/centos-cr-announce/2015-November/002218.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?aa0c20c5" ); script_set_attribute(attribute:"solution", value:"Update the affected file packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-9653"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"file-5.11-31.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"file-devel-5.11-31.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"file-libs-5.11-31.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"file-static-5.11-31.el7")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-magic-5.11-31.el7")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-devel / file-libs / file-static / python-magic"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-204.NASL description This update fixes the following issue in the file package : CVE-2014-9653 readelf.c does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-04-20 plugin id 82862 published 2015-04-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82862 title Debian DLA-204-1 : file security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-204-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(82862); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-9653"); script_bugtraq_id(72516); script_name(english:"Debian DLA-204-1 : file security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes the following issue in the file package : CVE-2014-9653 readelf.c does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/04/msg00017.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/file" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagic-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmagic1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-magic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-magic-dbg"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"file", reference:"5.04-5+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libmagic-dev", reference:"5.04-5+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"libmagic1", reference:"5.04-5+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"python-magic", reference:"5.04-5+squeeze10")) flag++; if (deb_check(release:"6.0", prefix:"python-magic-dbg", reference:"5.04-5+squeeze10")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-2155.NASL description From Red Hat Security Advisory 2015:2155 : Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 87027 published 2015-11-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87027 title Oracle Linux 7 : file (ELSA-2015-2155) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:2155 and # Oracle Linux Security Advisory ELSA-2015-2155 respectively. # include("compat.inc"); if (description) { script_id(87027); script_version("1.7"); script_cvs_date("Date: 2019/09/27 13:00:36"); script_cve_id("CVE-2014-0207", "CVE-2014-0237", "CVE-2014-0238", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9652", "CVE-2014-9653"); script_xref(name:"RHSA", value:"2015:2155"); script_name(english:"Oracle Linux 7 : file (ELSA-2015-2155)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2015:2155 : Updated file packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Multiple denial of service flaws were found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use either of these flaws to crash file, or an application using file, via a specially crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587) Two flaws were found in the way file processed certain Pascal strings. A remote attacker could cause file to crash if it was used to identify the type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652) Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan Kaluza of the Red Hat Web Stack Team The file packages have been updated to ensure correct operation on Power little endian and ARM 64-bit hardware architectures. (BZ#1224667, BZ#1224668, BZ#1157850, BZ#1067688). All file users are advised to upgrade to these updated packages, which contain backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-November/005562.html" ); script_set_attribute(attribute:"solution", value:"Update the affected file packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"file-5.11-31.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"file-devel-5.11-31.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"file-libs-5.11-31.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"file-static-5.11-31.el7")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-magic-5.11-31.el7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-devel / file-libs / file-static / python-magic"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1424.NASL description According to the versions of the file packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2013-7345) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3479) - An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file.(CVE-2014-9652) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0207) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3480) - It was found that the fix for CVE-2012-1571 was incomplete the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3587) - A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash.(CVE-2014-3478) - Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2014-3538) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3487) - A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.(CVE-2014-2270) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of system resources.(CVE-2014-8117) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0237) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory.(CVE-2014-9653) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0238) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124927 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124927 title EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124927); script_version("1.5"); script_cvs_date("Date: 2020/01/17"); script_cve_id( "CVE-2013-7345", "CVE-2014-0207", "CVE-2014-0237", "CVE-2014-0238", "CVE-2014-2270", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-8117", "CVE-2014-9652", "CVE-2014-9653" ); script_bugtraq_id( 66002, 66406, 67759, 67765, 68120, 68238, 68239, 68241, 68243, 68348, 69325, 71692, 72505, 72516 ); script_name(english:"EulerOS Virtualization 3.0.1.0 : file (EulerOS-SA-2019-1424)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the file packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2013-7345) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3479) - An ouf-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file.(CVE-2014-9652) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0207) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3480) - It was found that the fix for CVE-2012-1571 was incomplete the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3587) - A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash.(CVE-2014-3478) - Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.(CVE-2014-3538) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-3487) - A denial of service flaw was found in the way the File Information (fileinfo) extension handled search rules. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or consume an excessive amount of CPU.(CVE-2014-2270) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of system resources.(CVE-2014-8117) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0237) - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory.(CVE-2014-9653) - A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file.(CVE-2014-0238) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1424 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a6a5c24"); script_set_attribute(attribute:"solution", value: "Update the affected file packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:file-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["file-5.11-33.eulerosv2r7", "file-libs-5.11-33.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-0760.NASL description An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 91167 published 2016-05-17 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91167 title CentOS 6 : file (CESA-2016:0760) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:0760 and # CentOS Errata and Security Advisory 2016:0760 respectively. # include("compat.inc"); if (description) { script_id(91167); script_version("2.7"); script_cvs_date("Date: 2020/01/02"); script_cve_id("CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"); script_xref(name:"RHSA", value:"2016:0760"); script_name(english:"CentOS 6 : file (CESA-2016:0760)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section." ); # https://lists.centos.org/pipermail/centos-cr-announce/2016-May/002805.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?990dcc10" ); script_set_attribute(attribute:"solution", value:"Update the affected file packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-9653"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"file-5.04-30.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"file-devel-5.04-30.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"file-libs-5.04-30.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"file-static-5.04-30.el6")) flag++; if (rpm_check(release:"CentOS-6", reference:"python-magic-5.04-30.el6")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-devel / file-libs / file-static / python-magic"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-0760.NASL description An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 91074 published 2016-05-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91074 title RHEL 6 : file (RHSA-2016:0760) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:0760. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(91074); script_version("2.10"); script_cvs_date("Date: 2019/10/24 15:35:41"); script_cve_id("CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"); script_xref(name:"RHSA", value:"2016:0760"); script_name(english:"RHEL 6 : file (RHSA-2016:0760)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for file is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats. Security Fix(es) : * Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) * A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) * Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security). For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:0760" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3538" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3587" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-3710" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8116" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-8117" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9620" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9653" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-magic"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:0760"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"file-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"file-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"file-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"file-debuginfo-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"file-devel-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"file-libs-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"file-static-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"file-static-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"file-static-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-magic-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-magic-5.04-30.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-magic-5.04-30.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-debuginfo / file-devel / file-libs / file-static / etc"); } }NASL family Scientific Linux Local Security Checks NASL id SL_20160510_FILE_ON_SL6_X.NASL description Security Fix(es) : - Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) - A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) - Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653) last seen 2020-03-18 modified 2016-06-09 plugin id 91537 published 2016-06-09 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91537 title Scientific Linux Security Update : file on SL6.x i386/x86_64 (20160510) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(91537); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"); script_name(english:"Scientific Linux Security Update : file on SL6.x i386/x86_64 (20160510)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Security Fix(es) : - Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538) - A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587) - Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=850 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cd127452" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:file-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-magic"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/03"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"file-5.04-30.el6")) flag++; if (rpm_check(release:"SL6", reference:"file-debuginfo-5.04-30.el6")) flag++; if (rpm_check(release:"SL6", reference:"file-devel-5.04-30.el6")) flag++; if (rpm_check(release:"SL6", reference:"file-libs-5.04-30.el6")) flag++; if (rpm_check(release:"SL6", reference:"file-static-5.04-30.el6")) flag++; if (rpm_check(release:"SL6", reference:"python-magic-5.04-30.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file / file-debuginfo / file-devel / file-libs / file-static / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-0053-1.NASL description The Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils : - Update to version 2.29 - 18750 bsc#1030296 CVE-2014-9939 - 20891 bsc#1030585 CVE-2017-7225 - 20892 bsc#1030588 CVE-2017-7224 - 20898 bsc#1030589 CVE-2017-7223 - 20905 bsc#1030584 CVE-2017-7226 - 20908 bsc#1031644 CVE-2017-7299 - 20909 bsc#1031656 CVE-2017-7300 - 20921 bsc#1031595 CVE-2017-7302 - 20922 bsc#1031593 CVE-2017-7303 - 20924 bsc#1031638 CVE-2017-7301 - 20931 bsc#1031590 CVE-2017-7304 - 21135 bsc#1030298 CVE-2017-7209 - 21137 bsc#1029909 CVE-2017-6965 - 21139 bsc#1029908 CVE-2017-6966 - 21156 bsc#1029907 CVE-2017-6969 - 21157 bsc#1030297 CVE-2017-7210 - 21409 bsc#1037052 CVE-2017-8392 - 21412 bsc#1037057 CVE-2017-8393 - 21414 bsc#1037061 CVE-2017-8394 - 21432 bsc#1037066 CVE-2017-8396 - 21440 bsc#1037273 CVE-2017-8421 - 21580 bsc#1044891 CVE-2017-9746 - 21581 bsc#1044897 CVE-2017-9747 - 21582 bsc#1044901 CVE-2017-9748 - 21587 bsc#1044909 CVE-2017-9750 - 21594 bsc#1044925 CVE-2017-9755 - 21595 bsc#1044927 CVE-2017-9756 - 21787 bsc#1052518 CVE-2017-12448 - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 - 21933 bsc#1053347 CVE-2017-12799 - 21990 bsc#1058480 CVE-2017-14333 - 22018 bsc#1056312 CVE-2017-13757 - 22047 bsc#1057144 CVE-2017-14129 - 22058 bsc#1057149 CVE-2017-14130 - 22059 bsc#1057139 CVE-2017-14128 - 22113 bsc#1059050 CVE-2017-14529 - 22148 bsc#1060599 CVE-2017-14745 - 22163 bsc#1061241 CVE-2017-14974 - 22170 bsc#1060621 CVE-2017-14729 - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] - Fix alignment frags for aarch64 (bsc#1003846) coreutils : - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) - Significantly speed up df(1) for huge mount lists. (bsc#965780) file : - update to version 5.22. - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws last seen 2020-06-01 modified 2020-06-02 plugin id 106092 published 2018-01-17 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/106092 title SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:0053-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(106092); script_version("3.8"); script_cvs_date("Date: 2019/09/10 13:51:46"); script_cve_id("CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653", "CVE-2014-9939", "CVE-2017-12448", "CVE-2017-12450", "CVE-2017-12452", "CVE-2017-12453", "CVE-2017-12454", "CVE-2017-12456", "CVE-2017-12799", "CVE-2017-12837", "CVE-2017-12883", "CVE-2017-13757", "CVE-2017-14128", "CVE-2017-14129", "CVE-2017-14130", "CVE-2017-14333", "CVE-2017-14529", "CVE-2017-14729", "CVE-2017-14745", "CVE-2017-14974", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-6512", "CVE-2017-6965", "CVE-2017-6966", "CVE-2017-6969", "CVE-2017-7209", "CVE-2017-7210", "CVE-2017-7223", "CVE-2017-7224", "CVE-2017-7225", "CVE-2017-7226", "CVE-2017-7299", "CVE-2017-7300", "CVE-2017-7301", "CVE-2017-7302", "CVE-2017-7303", "CVE-2017-7304", "CVE-2017-8392", "CVE-2017-8393", "CVE-2017-8394", "CVE-2017-8396", "CVE-2017-8421", "CVE-2017-9746", "CVE-2017-9747", "CVE-2017-9748", "CVE-2017-9750", "CVE-2017-9755", "CVE-2017-9756"); script_bugtraq_id(70807, 71692, 71700, 71714, 71715, 72516); script_name(english:"SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils : - Update to version 2.29 - 18750 bsc#1030296 CVE-2014-9939 - 20891 bsc#1030585 CVE-2017-7225 - 20892 bsc#1030588 CVE-2017-7224 - 20898 bsc#1030589 CVE-2017-7223 - 20905 bsc#1030584 CVE-2017-7226 - 20908 bsc#1031644 CVE-2017-7299 - 20909 bsc#1031656 CVE-2017-7300 - 20921 bsc#1031595 CVE-2017-7302 - 20922 bsc#1031593 CVE-2017-7303 - 20924 bsc#1031638 CVE-2017-7301 - 20931 bsc#1031590 CVE-2017-7304 - 21135 bsc#1030298 CVE-2017-7209 - 21137 bsc#1029909 CVE-2017-6965 - 21139 bsc#1029908 CVE-2017-6966 - 21156 bsc#1029907 CVE-2017-6969 - 21157 bsc#1030297 CVE-2017-7210 - 21409 bsc#1037052 CVE-2017-8392 - 21412 bsc#1037057 CVE-2017-8393 - 21414 bsc#1037061 CVE-2017-8394 - 21432 bsc#1037066 CVE-2017-8396 - 21440 bsc#1037273 CVE-2017-8421 - 21580 bsc#1044891 CVE-2017-9746 - 21581 bsc#1044897 CVE-2017-9747 - 21582 bsc#1044901 CVE-2017-9748 - 21587 bsc#1044909 CVE-2017-9750 - 21594 bsc#1044925 CVE-2017-9755 - 21595 bsc#1044927 CVE-2017-9756 - 21787 bsc#1052518 CVE-2017-12448 - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450 - 21933 bsc#1053347 CVE-2017-12799 - 21990 bsc#1058480 CVE-2017-14333 - 22018 bsc#1056312 CVE-2017-13757 - 22047 bsc#1057144 CVE-2017-14129 - 22058 bsc#1057149 CVE-2017-14130 - 22059 bsc#1057139 CVE-2017-14128 - 22113 bsc#1059050 CVE-2017-14529 - 22148 bsc#1060599 CVE-2017-14745 - 22163 bsc#1061241 CVE-2017-14974 - 22170 bsc#1060621 CVE-2017-14729 - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995] - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282] - Fix alignment frags for aarch64 (bsc#1003846) coreutils : - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567) - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059) - Significantly speed up df(1) for huge mount lists. (bsc#965780) file : - update to version 5.22. - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650) - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651) - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152) - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253) - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253) - Fixed a memory corruption during rpmbuild (bsc#1063269) - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511) - file command throws 'Composite Document File V2 Document, corrupt: Can't read SSAT' error against excel 97/2003 file format. (bsc#1009966) gcc7 : - Support for specific IBM Power9 processor instructions. - Support for specific IBM zSeries z14 processor instructions. - New packages cross-npvtx-gcc7 and nvptx-tools added to the Toolchain Module for specific NVIDIA Card offload support. gzip : - fix mishandling of leading zeros in the end-of-block code (bsc#1067891) libsolv : - Many fixes and improvements for cleandeps. - Always create dup rules for 'distupgrade' jobs. - Use recommends also for ordering packages. - Fix splitprovides handling with addalreadyrecommended turned off. (bsc#1059065) - Expose solver_get_recommendations() in bindings. - Fix bug in solver_prune_to_highest_prio_per_name resulting in bad output from solver_get_recommendations(). - Support 'without' and 'unless' dependencies. - Use same heuristic as upstream to determine source RPMs. - Fix memory leak in bindings. - Add pool_best_solvables() function. - Fix 64bit integer parsing from RPM headers. - Enable bzip2 and xz/lzma compression support. - Enable complex/rich dependencies on distributions with RPM 4.13+. libtool : - Add missing dependencies and provides to baselibs.conf to make sure libltdl libraries are properly installed. (bsc#1056381) libzypp : - Fix media handling in presence of a repo path prefix. (bsc#1062561) - Fix RepoProvideFile ignoring a repo path prefix. (bsc#1062561) - Remove unused legacy notify-message script. (bsc#1058783) - Support multiple product licenses in repomd. (fate#322276) - Propagate 'rpm --import' errors. (bsc#1057188) - Fix typos in zypp.conf. openssl : - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058) - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242) - Out of bounds read+crash in DES_fcrypt (bsc#1065363) - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) perl: Security issues for perl : - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a escape and the case-insensitive modifier. (bnc#1057724) - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid escape. (bnc#1057721) - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. (bnc#1047178) Bug fixes for perl : - backport set_capture_string changes from upstream (bsc#999735) - reformat baselibs.conf as source validator workaround systemd : - unit: When JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too. (bsc#1048605, bsc#1004995) - compat-rules: Generate compat by-id symlinks with 'nvme' prefix missing and warn users that have broken symlinks. (bsc#1063249) - compat-rules: Allow to specify the generation number through the kernel command line. - scsi_id: Fixup prefix for pre-SPC inquiry reply. (bsc#1039099) - tmpfiles: Remove old ICE and X11 sockets at boot. - tmpfiles: Silently ignore any path that passes through autofs. (bsc#1045472) - pam_logind: Skip leading /dev/ from PAM_TTY field before passing it on. - shared/machine-pool: Fix another mkfs.btrfs checking. (bsc#1053595) - shutdown: Fix incorrect fscanf() result check. - shutdown: Don't remount,ro network filesystems. (bsc#1035386) - shutdown: Don't be fooled when detaching DM devices with BTRFS. (bsc#1055641) - bash-completion: Add support for --now. (bsc#1053137) - Add convert-lib-udev-path.sh script to convert /lib/udev directory into a symlink pointing to /usr/lib/udev when upgrading from SLE11. (bsc#1050152) - Add a rule to teach hotplug to offline containers transparently. (bsc#1040800) timezone : - Northern Cyprus switches from +03 to +02/+03 on 2017-10-29 - Fiji ends DST 2018-01-14, not 2018-01-21 - Namibia switches from +01/+02 to +02 on 2018-04-01 - Sudan switches from +03 to +02 on 2017-11-01 - Tonga likely switches from +13/+14 to +13 on 2017-11-05 - Turks and Caicos switches from -04 to -05/-04 on 2018-11-04 - Corrections to past DST transitions - Move oversized Canada/East-Saskatchewan to 'backward' file - zic(8) and the reference runtime now reject multiple leap seconds within 28 days of each other, or leap seconds before the Epoch. util-linux : - Allow unmounting of filesystems without calling stat() on the mount point, when '-c' is used. (bsc#1040968) - Fix an infinite loop, a crash and report the correct minimum and maximum frequencies in lscpu for some processors. (bsc#1055446) - Fix a lscpu failure on Sydney Amazon EC2 region. (bsc#1066500) - If multiple subvolumes are mounted, report the default subvolume. (bsc#1039276) velum : - Fix logout issue on DEX download page * page doesn't exist (bsc#1066611) - Handle invalid sessions more user friendly - Fix undesired minimum nodes alert blink (bsc#1066371) wicked : - A regression in wicked was causing the hostname not to be set correctly via DHCP in some cases (bsc#1057007,bsc#1050258) - Configure the interface MTU correctly even in cases where the interface was up already (bsc#1059292) - Don't abort the process that adds configures routes if one route fails (bsc#1036619) - Handle DHCP4 user-class ids properly (bsc#1045522) - ethtool: handle channels parameters (bsc#1043883) zypper : - Locale: Fix possible segmentation fault. (bsc#1064999) - Add summary hint if product is better updated by a different command. This is mainly used by rolling distributions like openSUSE Tumbleweed to remind their users to use 'zypper dup' to update (not zypper up or patch). (bsc#1061384) - Unify '(add|modify)(repo|service)' property related arguments. - Fixed 'add' commands supporting to set only a subset of properties. - Introduced '-f/-F' as preferred short option for --[no-]refresh in all four commands. (bsc#661410, bsc#1053671) - Fix missing package names in installation report. (bsc#1058695) - Differ between unsupported and packages with unknown support status. (bsc#1057634) - Return error code '107' if an RPM's %post configuration script fails, but only if ZYPPER_ON_CODE12_RETURN_107=1 is set in the environment. (bsc#1047233) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1003846" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1004995" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1009966" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1022404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1025282" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1025891" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1026567" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029907" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029908" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029909" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1029995" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1030623" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1035386" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1036619" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1039099" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1039276" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1039513" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1040800" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1040968" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1041090" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1043059" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1043590" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1043883" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1043966" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1044016" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1045472" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1045522" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1045732" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1047178" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1047233" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1048605" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1048861" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1050152" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1050258" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1050487" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1052503" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1052507" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1052509" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1052511" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1052514" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1052518" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1053137" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1053347" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1053595" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1053671" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1055446" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1055641" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1055825" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1056058" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1056312" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1056381" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1057007" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1057139" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1057144" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1057149" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1057188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1057634" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1057721" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1057724" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1058480" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1058695" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1058783" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1059050" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1059065" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1059075" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1059292" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1059723" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1060599" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1060621" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1061241" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1061384" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1062561" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1063249" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1063269" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1064571" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1064999" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1065363" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1066242" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1066371" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1066500" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1066611" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1067891" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1070878" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1070958" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1071905" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1071906" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-3710/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8116/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-8117/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9620/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9621/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9653/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-12448/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-12450/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-12452/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-12453/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-12454/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-12456/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-12799/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-12837/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-12883/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-13757/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14128/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14129/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14130/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14333/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14529/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14729/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14745/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-14974/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3735/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3736/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3737/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-3738/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2017-6512/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20180053-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b2e30c71" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-40=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-caasp-dex-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-dnsmasq-nanny-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-haproxy-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-kubedns-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-mariadb-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-openldap-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-pause-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-pv-recycler-node-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-salt-api-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-salt-master-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-salt-minion-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-sidecar-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-tiller-image"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sles12-velum-image"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/05"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-caasp-dex-image-2.0.0-3.3.11")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-dnsmasq-nanny-image-2.0.1-2.3.15")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-haproxy-image-2.0.1-2.3.16")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-kubedns-image-2.0.1-2.3.11")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-mariadb-image-2.0.1-2.3.15")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-openldap-image-2.0.0-2.3.11")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-pause-image-2.0.1-2.3.9")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-pv-recycler-node-image-2.0.1-2.3.10")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-salt-api-image-2.0.1-2.3.10")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-salt-master-image-2.0.1-2.3.10")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-salt-minion-image-2.0.1-2.3.14")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-sidecar-image-2.0.1-2.3.11")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-tiller-image-2.0.0-2.3.11")) flag++; if (rpm_check(release:"SLES12", cpu:"x86_64", reference:"sles12-velum-image-2.0.1-2.3.13")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "CaaS Platform 2.0 images"); }
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://bugs.gw.com/view.php?id=409
- http://marc.info/?l=bugtraq&m=143748090628601&w=2
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
- http://mx.gw.com/pipermail/file/2014/001649.html
- http://openwall.com/lists/oss-security/2015/02/05/13
- http://php.net/ChangeLog-5.php
- http://rhn.redhat.com/errata/RHSA-2016-0760.html
- http://www.debian.org/security/2015/dsa-3196
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/72516
- https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
- https://security.gentoo.org/glsa/201701-42
- https://usn.ubuntu.com/3686-1/