CVE-2015-2320 - Improper Certificate Validation vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Creating a Rogue Certificate Authority Certificate: An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid, X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority, which uses the MD5 hashing algorithm. That request is completely valid, and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. The attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value, and so the signed blob works just as well in the second certificate. The net effect is that the attacker's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attacker's first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and, of course, any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec).
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_11_BYTEFX-DATA-MYSQL-150318.NASL
description: Multiple SSL vulnerabilities were fixed in the Mono TLS implementation.
  - SKIP-TLS problem could be used to client impersonification. (CVE-2015-2318)
  - A FREAK style SSL protocol downgrade problem was fixed. (CVE-2015-2319)
  - The SSLv2 support was disabled. (CVE-2015-2320)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 83330
published: 2015-05-11
reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83330
title: SuSE 11.3 Security Update : Mono (SAT Patch Number 10497)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(83330);
      script_version("$Revision: 2.1 $");
      script_cvs_date("$Date: 2015/05/11 23:42:11 $");

      script_cve_id("CVE-2015-2318", "CVE-2015-2319", "CVE-2015-2320");

      script_name(english:"SuSE 11.3 Security Update : Mono (SAT Patch Number 10497)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value: "Multiple SSL vulnerabilities were fixed in the Mono TLS implementation. - SKIP-TLS problem could be used to client impersonification. (CVE-2015-2318) - A FREAK style SSL protocol downgrade problem was fixed. (CVE-2015-2319) - The SSLv2 support was disabled. (CVE-2015-2320)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=921312"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-2318.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-2319.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-2320.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 10497.");
      script_set_attribute(attribute:"risk_factor", value:"High");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bytefx-data-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ibm-data-db2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-data-firebird");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-data-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-data-postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-data-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-data-sybase");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-extras");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-jscript");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-locale-extras");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-nunit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-wcf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:mono-winforms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:monodoc-core");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/11");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");

    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"bytefx-data-mysql-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"ibm-data-db2-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-core-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-data-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-data-firebird-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-data-oracle-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-data-postgresql-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-data-sqlite-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-data-sybase-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-devel-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-extras-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-jscript-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-locale-extras-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-nunit-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-wcf-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-web-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"mono-winforms-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"monodoc-core-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"bytefx-data-mysql-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"ibm-data-db2-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-core-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-data-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-data-firebird-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-data-oracle-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-data-postgresql-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-data-sqlite-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-data-sybase-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-devel-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-extras-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-jscript-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-locale-extras-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-nunit-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-wcf-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-web-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"mono-winforms-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"monodoc-core-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mono-core-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mono-data-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mono-data-postgresql-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mono-data-sqlite-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mono-locale-extras-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mono-nunit-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mono-web-2.6.7-0.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"mono-winforms-2.6.7-0.13.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-3202.NASL
description: Researchers at INRIA and Xamarin discovered several vulnerabilities in mono, a platform for running and developing applications based on the ECMA/ISO Standards. Mono
last seen: 2020-03-17
modified: 2015-03-24
plugin id: 82000
published: 2015-03-24
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/82000
title: Debian DSA-3202-1 : mono - security update
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-3202. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(82000);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2015-2318", "CVE-2015-2319", "CVE-2015-2320");
      script_bugtraq_id(73250, 73253, 73256);
      script_xref(name:"DSA", value:"3202");

      script_name(english:"Debian DSA-3202-1 : mono - security update");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value: "Researchers at INRIA and Xamarin discovered several vulnerabilities in mono, a platform for running and developing applications based on the ECMA/ISO Standards. Mono's TLS stack contained several problems that hampered its capabilities: those issues could lead to client impersonation (via SKIP-TLS), SSLv2 fallback, and encryption weakening (via FREAK)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780751"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/mono"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2015/dsa-3202"
      );
      script_set_attribute(
        attribute:"solution",
        value: "Upgrade the mono packages. For the stable distribution (wheezy), these problems have been fixed in version 2.10.8.1-8+deb7u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/24");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"7.0", prefix:"libmono-2.0-1", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-2.0-1-dbg", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-2.0-dev", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-accessibility2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-accessibility4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-c5-1.1-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-cairo2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-cairo4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-cecil-private-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-cil-dev", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-codecontracts4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-compilerservices-symbolwriter4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-corlib2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-corlib4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-cscompmgd8.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-csharp4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-custommarshalers4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-data-tds2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-data-tds4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-db2-1.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-debugger-soft2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-debugger-soft4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-http4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-i18n-cjk4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-i18n-mideast4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-i18n-other4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-i18n-rare4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-i18n-west2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-i18n-west4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-i18n2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-i18n4.0-all", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-i18n4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-ldap2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-ldap4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-management2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-management4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-messaging-rabbitmq2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-messaging-rabbitmq4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-messaging2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-messaging4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-microsoft-build-engine4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-microsoft-build-framework4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-microsoft-build-tasks-v4.0-4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-microsoft-build-utilities-v4.0-4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-microsoft-build2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-microsoft-csharp4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-microsoft-visualc10.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-microsoft-web-infrastructure1.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-microsoft8.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-npgsql2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-npgsql4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-opensystem-c4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-oracle2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-oracle4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-peapi2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-peapi4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-posix2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-posix4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-profiler", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-rabbitmq2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-rabbitmq4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-relaxng2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-relaxng4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-security2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-security4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-sharpzip2.6-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-sharpzip2.84-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-sharpzip4.84-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-simd2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-simd4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-sqlite2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-sqlite4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-componentmodel-composition4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-componentmodel-dataannotations4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-configuration-install4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-configuration4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-core4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-data-datasetextensions4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-data-linq2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-data-linq4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-data-services-client4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-data-services4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-data2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-data4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-design4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-drawing-design4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-drawing4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-dynamic4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-enterpriseservices4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-identitymodel-selectors4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-identitymodel4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-ldap2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-ldap4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-management4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-messaging2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-messaging4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-net4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-numerics4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-runtime-caching4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-runtime-durableinstancing4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-runtime-serialization-formatters-soap4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-runtime-serialization4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-runtime2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-runtime4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-security4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-servicemodel-discovery4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-servicemodel-routing4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-servicemodel-web4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-servicemodel4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-serviceprocess4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-transactions4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web-abstractions4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web-applicationservices4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web-dynamicdata4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web-extensions-design4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web-extensions4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web-mvc1.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web-mvc2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web-routing4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web-services4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-web4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-windows-forms-datavisualization4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-windows-forms4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-xaml4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-xml-linq4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system-xml4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-system4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-tasklets2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-tasklets4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-wcf3.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-web4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-webbrowser2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-webbrowser4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-webmatrix-data4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-windowsbase3.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-windowsbase4.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono-winforms2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"libmono2.0-cil", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-2.0-gac", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-2.0-service", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-4.0-gac", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-4.0-service", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-complete", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-csharp-shell", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-dbg", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-devel", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-dmcs", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-gac", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-gmcs", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-jay", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-mcs", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-runtime", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-runtime-dbg", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-runtime-sgen", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-utils", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"mono-xbuild", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"monodoc-base", reference:"2.10.8.1-8+deb7u1")) flag++;
    if (deb_check(release:"7.0", prefix:"monodoc-manual", reference:"2.10.8.1-8+deb7u1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-176.NASL
- description: Three issues with Mono
- last seen: 2020-03-17
- modified: 2015-03-26
- plugin id: 82161
- published: 2015-03-26
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/82161
- title: Debian DLA-176-1 : mono security update
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-176-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(82161);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2015-2318", "CVE-2015-2319", "CVE-2015-2320");
  script_bugtraq_id(73250, 73253, 73256);

  script_name(english:"Debian DLA-176-1 : mono security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Three issues with Mono's TLS stack are addressed.
CVE-2015-2318 Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. ('SKIP-TLS')
CVE-2015-2319 Mono's implementation of SSL/TLS also contained support for the weak EXPORT cyphers and was susceptible to the FREAK attack.
CVE-2015-2320 Mono contained SSLv2 fallback code, which is no longer needed and can be considered insecure.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/03/msg00013.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/mono"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-accessibility1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-accessibility2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-bytefx0.7.6.1-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-bytefx0.7.6.2-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-c5-1.1-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-cairo1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-cairo2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-cecil-private-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-cil-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-corlib1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-corlib2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-cscompmgd7.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-cscompmgd8.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-data-tds1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-data-tds2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-data1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-data2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-db2-1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-debugger-soft0.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-firebirdsql1.7-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-getoptions1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-getoptions2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-i18n-west1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-i18n-west2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-i18n1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-i18n2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-ldap1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-ldap2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-management2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-messaging-rabbitmq2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-messaging2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-microsoft-build2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-microsoft7.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-microsoft8.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-npgsql1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-npgsql2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-oracle1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-oracle2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-peapi1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-peapi2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-posix1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-posix2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-profiler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-rabbitmq2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-relaxng1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-relaxng2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-security1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-security2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-sharpzip0.6-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-sharpzip0.84-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-sharpzip2.6-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-sharpzip2.84-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-simd2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-sqlite1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-sqlite2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-data-linq2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-data1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-data2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-ldap1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-ldap2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-messaging1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-messaging2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-runtime1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-runtime2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-web-mvc1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-web-mvc2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-web1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system-web2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-system2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-tasklets2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-wcf3.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-webbrowser0.5-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-windowsbase3.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-winforms1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono-winforms2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono0-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono1.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmono2.0-cil");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-1.0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-1.0-gac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-1.0-service");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-2.0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-2.0-gac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-2.0-service");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-complete");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-csharp-shell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-gac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-gmcs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-jay");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-mcs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-mjs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-runtime");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-runtime-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mono-xbuild");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:monodoc-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:monodoc-manual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:prj2make-sharp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"6.0", prefix:"libmono-accessibility1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-accessibility2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-bytefx0.7.6.1-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-bytefx0.7.6.2-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-c5-1.1-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-cairo1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-cairo2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-cecil-private-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-cil-dev", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-corlib1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-corlib2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-cscompmgd7.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-cscompmgd8.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-data-tds1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-data-tds2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-data1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-data2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-db2-1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-debugger-soft0.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-dev", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-firebirdsql1.7-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-getoptions1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-getoptions2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-i18n-west1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-i18n-west2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-i18n1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-i18n2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-ldap1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-ldap2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-management2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-messaging-rabbitmq2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-messaging2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-microsoft-build2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-microsoft7.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-microsoft8.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-npgsql1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-npgsql2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-oracle1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-oracle2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-peapi1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-peapi2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-posix1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-posix2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-profiler", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-rabbitmq2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-relaxng1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-relaxng2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-security1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-security2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-sharpzip0.6-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-sharpzip0.84-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-sharpzip2.6-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-sharpzip2.84-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-simd2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-sqlite1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-sqlite2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-data-linq2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-data1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-data2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-ldap1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-ldap2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-messaging1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-messaging2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-runtime1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-runtime2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-web-mvc1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-web-mvc2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-web1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system-web2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-system2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-tasklets2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-wcf3.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-webbrowser0.5-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-windowsbase3.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-winforms1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono-winforms2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono0", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono0-dbg", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono1.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libmono2.0-cil", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-1.0-devel", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-1.0-gac", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-1.0-service", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-2.0-devel", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-2.0-gac", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-2.0-service", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-complete", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-csharp-shell", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-dbg", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-devel", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-gac", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-gmcs", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-jay", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-mcs", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-mjs", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-runtime", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-runtime-dbg", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-utils", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"mono-xbuild", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"monodoc-base", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"monodoc-manual", reference:"2.6.7-5.1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"prj2make-sharp", reference:"2.6.7-5.1+deb6u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-2547-1.NASL
- description: It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. (CVE-2015-2318) It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure ciphersuites. (CVE-2015-2319) It was discovered that the Mono TLS implementation still supported a fallback to SSLv2. This update removes the functionality as use of SSLv2 is known to be insecure. (CVE-2015-2320) It was discovered that Mono incorrectly handled memory in certain circumstances. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service, or to obtain sensitive information. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-0992) It was discovered that Mono incorrectly handled hash collisions. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS. (CVE-2012-3543). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 82074
- published: 2015-03-25
- reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/82074
- title: Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mono vulnerabilities (USN-2547-1)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2547-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(82074);
  script_version("1.13");
  script_cvs_date("Date: 2019/09/18 12:31:44");

  script_cve_id("CVE-2011-0992", "CVE-2012-3543", "CVE-2015-2318", "CVE-2015-2319", "CVE-2015-2320");
  script_bugtraq_id(47208, 55251, 73250, 73253, 73256);
  script_xref(name:"USN", value:"2547-1");

  script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mono vulnerabilities (USN-2547-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that the Mono TLS implementation was vulnerable to the SKIP-TLS vulnerability. A remote attacker could possibly use this issue to perform client impersonation attacks. (CVE-2015-2318)
It was discovered that the Mono TLS implementation was vulnerable to the FREAK vulnerability. A remote attacker or a man in the middle could possibly use this issue to force the use of insecure ciphersuites. (CVE-2015-2319)
It was discovered that the Mono TLS implementation still supported a fallback to SSLv2. This update removes the functionality as use of SSLv2 is known to be insecure. (CVE-2015-2320)
It was discovered that Mono incorrectly handled memory in certain circumstances. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service, or to obtain sensitive information. This issue only applied to Ubuntu 12.04 LTS. (CVE-2011-0992)
It was discovered that Mono incorrectly handled hash collisions. A remote attacker could possibly use this issue to cause Mono to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS. (CVE-2012-3543).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/2547-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libmono-2.0-1 and / or mono-runtime packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libmono-2.0-1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mono-runtime");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(12\.04|14\.04|14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 14.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"12.04", pkgname:"libmono-2.0-1", pkgver:"2.10.8.1-1ubuntu2.3")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"mono-runtime", pkgver:"2.10.8.1-1ubuntu2.3")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"libmono-2.0-1", pkgver:"3.2.8+dfsg-4ubuntu1.1")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"mono-runtime", pkgver:"3.2.8+dfsg-4ubuntu1.1")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"libmono-2.0-1", pkgver:"3.2.8+dfsg-4ubuntu2.1")) flag++;
if (ubuntu_check(osver:"14.10", pkgname:"mono-runtime", pkgver:"3.2.8+dfsg-4ubuntu2.1")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libmono-2.0-1 / mono-runtime");
}
```
References
- https://www.debian.org/security/2015/dsa-3202
- https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b
- https://bugzilla.redhat.com/show_bug.cgi?id=1202869
- http://www.ubuntu.com/usn/USN-2547-1
- http://www.securityfocus.com/bid/73256
- http://www.openwall.com/lists/oss-security/2015/03/17/9
- http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/