Vulnerabilities > CVE-2015-2059 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 15 | |
| OS | 2 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-277.NASL description Thijs Alkemade discovered that the Jabber server may pass an invalid UTF-8 string to libidn, the GNU library for Internationalized Domain Names (IDNs). In the case of the Jabber server, this results in information disclosure, and it is likely that some other applications using libidn have similar vulnerabilities. This update changes libidn to check for invalid strings rather than assuming that the application has done so. For the oldoldstable distribution (squeeze), this problem has been fixed in version 1.15-2+deb6u1. For the oldstable distribution (wheezy) and stable distribution (jessie), this problem will be fixed soon. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-07-20 plugin id 84835 published 2015-07-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84835 title Debian DLA-277-1 : libidn security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-277-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(84835); script_version("2.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2015-2059"); script_bugtraq_id(72736); script_name(english:"Debian DLA-277-1 : libidn security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Thijs Alkemade discovered that the Jabber server may pass an invalid UTF-8 string to libidn, the GNU library for Internationalized Domain Names (IDNs). In the case of the Jabber server, this results in information disclosure, and it is likely that some other applications using libidn have similar vulnerabilities. This update changes libidn to check for invalid strings rather than assuming that the application has done so. For the oldoldstable distribution (squeeze), this problem has been fixed in version 1.15-2+deb6u1. For the oldstable distribution (wheezy) and stable distribution (jessie), this problem will be fixed soon. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/07/msg00015.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/libidn" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:idn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libidn11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libidn11-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libidn11-java"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"idn", reference:"1.15-2+deb6u1")) flag++; if (deb_check(release:"6.0", prefix:"libidn11", reference:"1.15-2+deb6u1")) flag++; if (deb_check(release:"6.0", prefix:"libidn11-dev", reference:"1.15-2+deb6u1")) flag++; if (deb_check(release:"6.0", prefix:"libidn11-java", reference:"1.15-2+deb6u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1067.NASL description This update for wget fixes the following issues : - Fix for HTTP to a FTP redirection file name confusion vulnerability (bsc#984060, CVE-2016-4971). - Work around a libidn vulnerability (bsc#937096, CVE-2015-2059). - Fix for wget fails with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-09-12 plugin id 93430 published 2016-09-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93430 title openSUSE Security Update : wget (openSUSE-2016-1067) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-1067. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(93430); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-2059", "CVE-2016-4971"); script_name(english:"openSUSE Security Update : wget (openSUSE-2016-1067)"); script_summary(english:"Check for the openSUSE-2016-1067 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for wget fixes the following issues : - Fix for HTTP to a FTP redirection file name confusion vulnerability (bsc#984060, CVE-2016-4971). - Work around a libidn vulnerability (bsc#937096, CVE-2015-2059). - Fix for wget fails with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=937096" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=958342" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=984060" ); script_set_attribute(attribute:"solution", value:"Update the affected wget packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wget"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wget-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:wget-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"wget-1.14-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"wget-debuginfo-1.14-4.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"wget-debugsource-1.14-4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wget / wget-debuginfo / wget-debugsource"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2291-1.NASL description This update for libidn fixes the following issues : - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93459 published 2016-09-13 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93459 title SUSE SLES11 Security Update : libidn (SUSE-SU-2016:2291-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:2291-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93459); script_version("2.7"); script_cvs_date("Date: 2019/09/11 11:22:14"); script_cve_id("CVE-2015-2059", "CVE-2015-8948", "CVE-2016-6261", "CVE-2016-6262", "CVE-2016-6263"); script_bugtraq_id(72736); script_name(english:"SUSE SLES11 Security Update : libidn (SUSE-SU-2016:2291-1)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for libidn fixes the following issues : - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=923241" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=990189" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=990190" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=990191" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2059/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-8948/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-6261/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-6262/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-6263/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20162291-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b86d38f9" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-libidn-12739=1 SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-libidn-12739=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-libidn-12739=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libidn"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libidn-32bit-1.10-6.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libidn-32bit-1.10-6.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"libidn-1.10-6.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libidn"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3068-1.NASL description Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-2059) Hanno Bock discovered that Libidn incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn to crash, resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262, CVE-2016-6261, CVE-2016-6263). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93107 published 2016-08-25 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93107 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : libidn vulnerabilities (USN-3068-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3068-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(93107); script_version("2.7"); script_cvs_date("Date: 2019/09/18 12:31:46"); script_cve_id("CVE-2015-2059", "CVE-2015-8948", "CVE-2016-6261", "CVE-2016-6262", "CVE-2016-6263"); script_xref(name:"USN", value:"3068-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : libidn vulnerabilities (USN-3068-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos Mavrogiannopoulos discovered that Libidn incorrectly handled invalid UTF-8 characters. A remote attacker could use this issue to cause Libidn to crash, resulting in a denial of service, or possibly disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-2059) Hanno Bock discovered that Libidn incorrectly handled certain input. A remote attacker could possibly use this issue to cause Libidn to crash, resulting in a denial of service. (CVE-2015-8948, CVE-2016-6262, CVE-2016-6261, CVE-2016-6263). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3068-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libidn11 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libidn11"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/25"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libidn11", pkgver:"1.23-2ubuntu0.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libidn11", pkgver:"1.28-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libidn11", pkgver:"1.32-3ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libidn11"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1454.NASL description According to the version of the libidn package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.(CVE-2015-2059) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124957 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124957 title EulerOS Virtualization 3.0.1.0 : libidn (EulerOS-SA-2019-1454) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124957); script_version("1.4"); script_cvs_date("Date: 2020/01/17"); script_cve_id( "CVE-2015-2059" ); script_bugtraq_id( 72736 ); script_name(english:"EulerOS Virtualization 3.0.1.0 : libidn (EulerOS-SA-2019-1454)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the libidn package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.(CVE-2015-2059) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1454 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3af82292"); script_set_attribute(attribute:"solution", value: "Update the affected libidn package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libidn"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["libidn-1.28-4.2.h4.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libidn"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-291.NASL description Adam Sampson found a vulnerability in GNU Libidn, library that implements the IETF IDN specifications. Libdin incorrectly handled invalid UTF-8 input, causing it to bad free(). This issue was introduced by the fix for CVE-2015-2059. For Debian 6 last seen 2020-03-17 modified 2015-08-17 plugin id 85418 published 2015-08-17 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85418 title Debian DLA-291-1 : libidn security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-291-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(85418); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_name(english:"Debian DLA-291-1 : libidn security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Adam Sampson found a vulnerability in GNU Libidn, library that implements the IETF IDN specifications. Libdin incorrectly handled invalid UTF-8 input, causing it to bad free(). This issue was introduced by the fix for CVE-2015-2059. For Debian 6 'Squeeze', this issue has been fixed in the 1.15-2+deb6u2 version of libidn. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/08/msg00005.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/libidn" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:idn"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libidn11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libidn11-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libidn11-java"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2015/08/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"idn", reference:"1.15-2+deb6u2")) flag++; if (deb_check(release:"6.0", prefix:"libidn11", reference:"1.15-2+deb6u2")) flag++; if (deb_check(release:"6.0", prefix:"libidn11-dev", reference:"1.15-2+deb6u2")) flag++; if (deb_check(release:"6.0", prefix:"libidn11-java", reference:"1.15-2+deb6u2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2226-1.NASL description This update for wget fixes the following issues : - Fix for HTTP to a FTP redirection file name confusion vulnerability (bsc#984060, CVE-2016-4971). - Work around a libidn vulnerability (bsc#937096, CVE-2015-2059). - Fix for wget fails with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93369 published 2016-09-08 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93369 title SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2016:2226-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:2226-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93369); script_version("2.7"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2015-2059", "CVE-2016-4971"); script_bugtraq_id(72736); script_name(english:"SUSE SLED12 / SLES12 Security Update : wget (SUSE-SU-2016:2226-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for wget fixes the following issues : - Fix for HTTP to a FTP redirection file name confusion vulnerability (bsc#984060, CVE-2016-4971). - Work around a libidn vulnerability (bsc#937096, CVE-2015-2059). - Fix for wget fails with basicauth: Failed writing HTTP request: Bad file descriptor (bsc#958342) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=937096" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=958342" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=984060" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2059/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4971/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20162226-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0ac3f58d" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1309=1 SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1309=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:wget"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:wget-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:wget-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/08/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"wget-1.14-10.3")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"wget-debuginfo-1.14-10.3")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"wget-debugsource-1.14-10.3")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"wget-1.14-10.3")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"wget-debuginfo-1.14-10.3")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"wget-debugsource-1.14-10.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wget"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3578.NASL description It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library. last seen 2020-06-01 modified 2020-06-02 plugin id 91140 published 2016-05-16 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91140 title Debian DSA-3578-1 : libidn - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3578. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(91140); script_version("2.5"); script_cvs_date("Date: 2018/11/10 11:49:37"); script_cve_id("CVE-2015-2059"); script_xref(name:"DSA", value:"3578"); script_name(english:"Debian DSA-3578-1 : libidn - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/libidn" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2016/dsa-3578" ); script_set_attribute( attribute:"solution", value: "Upgrade the libidn packages. For the stable distribution (jessie), this problem has been fixed in version 1.29-1+deb8u1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libidn"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"idn", reference:"1.29-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libidn11", reference:"1.29-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libidn11-dev", reference:"1.29-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libidn11-java", reference:"1.29-1+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2015-11621.NASL description Security fix for CVE-2015-2059 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-29 plugin id 85062 published 2015-07-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85062 title Fedora 21 : libidn-1.31-1.fc21 (2015-11621) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2015-11621. # include("compat.inc"); if (description) { script_id(85062); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-2059"); script_xref(name:"FEDORA", value:"2015-11621"); script_name(english:"Fedora 21 : libidn-1.31-1.fc21 (2015-11621)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2015-2059 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1197796" ); # https://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6d531edd" ); script_set_attribute( attribute:"solution", value:"Update the affected libidn package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libidn"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:21"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^21([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 21.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC21", reference:"libidn-1.31-1.fc21")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libidn"); }NASL family Fedora Local Security Checks NASL id FEDORA_2015-11562.NASL description Security fix for CVE-2015-2059 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-07-29 plugin id 85060 published 2015-07-29 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85060 title Fedora 22 : libidn-1.31-1.fc22 (2015-11562) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2079-1.NASL description This update for libidn fixes the following issues : - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93292 published 2016-09-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93292 title SUSE SLED12 / SLES12 Security Update : libidn (SUSE-SU-2016:2079-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1014.NASL description This update for libidn fixes the following issues : - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189) - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190) - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191) - CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-08-24 plugin id 93092 published 2016-08-24 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93092 title openSUSE Security Update : libidn (openSUSE-2016-1014) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-476.NASL description It was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library. For Debian 7 last seen 2020-03-17 modified 2016-05-18 plugin id 91196 published 2016-05-18 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91196 title Debian DLA-476-1 : libidn security update NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_4CAF01E230E611E5A4A5002590263BF5.NASL description Simon Josefsson reports : stringprep_utf8_to_ucs4 now rejects invalid UTF-8. This function has always been documented to not validate that the input UTF-8 string is actually valid UTF-8... last seen 2020-06-01 modified 2020-06-02 plugin id 84970 published 2015-07-24 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84970 title FreeBSD : libidn -- out-of-bounds read issue with invalid UTF-8 input (4caf01e2-30e6-11e5-a4a5-002590263bf5) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-497.NASL description libidn was updated to version 1.31 to fix one security issue. This security issue was fixed : - CVE-2015-2059: Out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241). last seen 2020-06-05 modified 2015-07-20 plugin id 84866 published 2015-07-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84866 title openSUSE Security Update : libidn (openSUSE-2015-497)
References
- http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c279
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162537.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162549.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00098.html
- http://www.debian.org/security/2016/dsa-3578
- http://www.openwall.com/lists/oss-security/2015/02/23/25
- http://www.securityfocus.com/bid/72736
- http://www.ubuntu.com/usn/USN-3068-1
- https://github.com/jabberd2/jabberd2/issues/85