Vulnerabilities > CVE-2015-7696 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2978-1.NASL
    descriptionThis update for unzip fixes the following security issues : CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117902
    published2018-10-03
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117902
    titleSUSE SLED12 / SLES12 Security Update : unzip (SUSE-SU-2018:2978-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:2978-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117902);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2014-9636", "CVE-2014-9913", "CVE-2015-7696", "CVE-2015-7697", "CVE-2016-9844", "CVE-2018-1000035");
      script_bugtraq_id(71825);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : unzip (SUSE-SU-2018:2978-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for unzip fixes the following security issues :
    
    CVE-2014-9913: Specially crafted zip files could trigger invalid
    memory writes possibly resulting in DoS or corruption (bsc#1013993)
    
    CVE-2015-7696: Specially crafted zip files with password protection
    could trigger a crash and lead to denial of service (bsc#950110)
    
    CVE-2015-7697: Specially crafted zip files could trigger an endless
    loop and lead to denial of service (bsc#950111)
    
    CVE-2016-9844: Specially crafted zip files could trigger invalid
    memory writes possibly resulting in DoS or corruption (bsc#1013992)
    
    CVE-2018-1000035: Prevent heap-based buffer overflow in the processing
    of password-protected archives that allowed an attacker to perform a
    denial of service or to possibly achieve code execution (bsc#1080074).
    
    CVE-2014-9636: Prevent denial of service (out-of-bounds read or write
    and crash) via an extra field with an uncompressed size smaller than
    the compressed field size in a zip archive that advertises STORED
    method compression (bsc#914442).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013992"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1080074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=910683"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=914442"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=950111"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9636/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9913/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7696/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7697/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9844/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1000035/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20182978-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e66d8fc8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2018-2117=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2018-2117=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:unzip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:unzip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:unzip-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"unzip-6.00-33.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"unzip-debuginfo-6.00-33.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"unzip-debugsource-6.00-33.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"unzip-6.00-33.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"unzip-debuginfo-6.00-33.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"unzip-debugsource-6.00-33.8.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1188.NASL
    descriptionThis update for unzip fixes the following issues : - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111)
    last seen2020-06-05
    modified2016-10-14
    plugin id94063
    published2016-10-14
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94063
    titleopenSUSE Security Update : unzip (openSUSE-2016-1188)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1188.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94063);
      script_version("2.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-7696", "CVE-2015-7697");
    
      script_name(english:"openSUSE Security Update : unzip (openSUSE-2016-1188)");
      script_summary(english:"Check for the openSUSE-2016-1188 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for unzip fixes the following issues :
    
      - CVE-2015-7696: Specially crafted zip files with password
        protection could trigger a crash and lead to denial of
        service (bsc#950110)
    
      - CVE-2015-7697: Specially crafted zip files could trigger
        an endless loop and lead to denial of service
        (bsc#950111)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950111"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unzip packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-rcc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-rcc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-rcc-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"unzip-6.00-26.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"unzip-debuginfo-6.00-26.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"unzip-debugsource-6.00-26.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"unzip-rcc-6.00-26.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"unzip-rcc-debuginfo-6.00-26.7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"unzip-rcc-debugsource-6.00-26.7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip-rcc / unzip-rcc-debuginfo / unzip-rcc-debugsource / unzip / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1124.NASL
    descriptionThis update for unzip fixes the following security issues : - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) - CVE-2018-1000035: Prevent heap-based buffer overflow in the processing of password-protected archives that allowed an attacker to perform a denial of service or to possibly achieve code execution (bsc#1080074). - CVE-2014-9636: Prevent denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression (bsc#914442). This non-security issue was fixed : - Allow processing of Windows zip64 archives (Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher) (bnc#910683) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-10-09
    plugin id117981
    published2018-10-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117981
    titleopenSUSE Security Update : unzip (openSUSE-2018-1124)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-1124.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117981);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-9636", "CVE-2014-9913", "CVE-2015-7696", "CVE-2015-7697", "CVE-2016-9844", "CVE-2018-1000035");
    
      script_name(english:"openSUSE Security Update : unzip (openSUSE-2018-1124)");
      script_summary(english:"Check for the openSUSE-2018-1124 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for unzip fixes the following security issues :
    
      - CVE-2014-9913: Specially crafted zip files could trigger
        invalid memory writes possibly resulting in DoS or
        corruption (bsc#1013993)
    
      - CVE-2015-7696: Specially crafted zip files with password
        protection could trigger a crash and lead to denial of
        service (bsc#950110)
    
      - CVE-2015-7697: Specially crafted zip files could trigger
        an endless loop and lead to denial of service
        (bsc#950111)
    
      - CVE-2016-9844: Specially crafted zip files could trigger
        invalid memory writes possibly resulting in DoS or
        corruption (bsc#1013992)
    
      - CVE-2018-1000035: Prevent heap-based buffer overflow in
        the processing of password-protected archives that
        allowed an attacker to perform a denial of service or to
        possibly achieve code execution (bsc#1080074).
    
      - CVE-2014-9636: Prevent denial of service (out-of-bounds
        read or write and crash) via an extra field with an
        uncompressed size smaller than the compressed field size
        in a zip archive that advertises STORED method
        compression (bsc#914442).
    
    This non-security issue was fixed :
    
      - Allow processing of Windows zip64 archives (Windows
        archivers set total_disks field to 0 but per standard,
        valid values are 1 and higher) (bnc#910683)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013992"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1080074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910683"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=914442"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=950111"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unzip packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-rcc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-rcc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:unzip-rcc-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"unzip-6.00-31.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"unzip-debuginfo-6.00-31.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"unzip-debugsource-6.00-31.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"unzip-rcc-6.00-31.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"unzip-rcc-debuginfo-6.00-31.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"unzip-rcc-debugsource-6.00-31.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip-rcc / unzip-rcc-debuginfo / unzip-rcc-debugsource / unzip / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2429.NASL
    descriptionAccording to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697) - A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.(CVE-2018-1000035) - Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.(CVE-2014-9913) - Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header.(CVE-2016-9844) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-04
    plugin id131583
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131583
    titleEulerOS 2.0 SP2 : unzip (EulerOS-SA-2019-2429)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131583);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2014-9913",
        "CVE-2015-7696",
        "CVE-2015-7697",
        "CVE-2016-9844",
        "CVE-2018-1000035"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : unzip (EulerOS-SA-2019-2429)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the unzip package installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - Info-ZIP UnZip 6.0 allows remote attackers to cause a
        denial of service (heap-based buffer over-read and
        application crash) or possibly execute arbitrary code
        via a crafted password-protected ZIP archive, possibly
        related to an Extra-Field size value.(CVE-2015-7696)
    
      - Info-ZIP UnZip 6.0 allows remote attackers to cause a
        denial of service (infinite loop) via empty bzip2 data
        in a ZIP archive.(CVE-2015-7697)
    
      - A heap-based buffer overflow exists in Info-Zip UnZip
        version <= 6.00 in the processing of password-protected
        archives that allows an attacker to perform a denial of
        service or to possibly achieve code
        execution.(CVE-2018-1000035)
    
      - Buffer overflow in the list_files function in list.c in
        Info-Zip UnZip 6.0 allows remote attackers to cause a
        denial of service (crash) via vectors related to the
        compression method.(CVE-2014-9913)
    
      - Buffer overflow in the zi_short function in zipinfo.c
        in Info-Zip UnZip 6.0 allows remote attackers to cause
        a denial of service (crash) via a large compression
        method value in the central directory file
        header.(CVE-2016-9844)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2429
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7953c8da");
      script_set_attribute(attribute:"solution", value:
    "Update the affected unzip packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000035");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["unzip-6.0-15.h6"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3386.NASL
    descriptionTwo vulnerabilities have been found in unzip, a de-archiver for .zip files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-7696 Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. - CVE-2015-7697 Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id86680
    published2015-11-02
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86680
    titleDebian DSA-3386-1 : unzip - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3386. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86680);
      script_version("2.6");
      script_cvs_date("Date: 2018/11/10 11:49:37");
    
      script_cve_id("CVE-2015-7696", "CVE-2015-7697");
      script_xref(name:"DSA", value:"3386");
    
      script_name(english:"Debian DSA-3386-1 : unzip - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two vulnerabilities have been found in unzip, a de-archiver for .zip
    files. The Common Vulnerabilities and Exposures project identifies the
    following problems :
    
      - CVE-2015-7696
        Gustavo Grieco discovered that unzip incorrectly handled
        certain password protected archives. If a user or
        automated system were tricked into processing a
        specially crafted zip archive, an attacker could
        possibly execute arbitrary code.
    
      - CVE-2015-7697
        Gustavo Grieco discovered that unzip incorrectly handled
        certain malformed archives. If a user or automated
        system were tricked into processing a specially crafted
        zip archive, an attacker could possibly cause unzip to
        hang, resulting in a denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802160"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-7696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2015-7697"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/unzip"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/unzip"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2015/dsa-3386"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the unzip packages.
    
    For the oldstable distribution (wheezy), these problems have been
    fixed in version 6.0-8+deb7u4.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 6.0-16+deb8u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"unzip", reference:"6.0-8+deb7u4")) flag++;
    if (deb_check(release:"8.0", prefix:"unzip", reference:"6.0-16+deb8u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2788-1.NASL
    descriptionGustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. (CVE-2015-7696) Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. (CVE-2015-7697). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86672
    published2015-10-30
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86672
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : unzip vulnerabilities (USN-2788-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2788-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86672);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2015-7696", "CVE-2015-7697");
      script_xref(name:"USN", value:"2788-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : unzip vulnerabilities (USN-2788-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Gustavo Grieco discovered that unzip incorrectly handled certain
    password protected archives. If a user or automated system were
    tricked into processing a specially crafted zip archive, an attacker
    could possibly execute arbitrary code. (CVE-2015-7696)
    
    Gustavo Grieco discovered that unzip incorrectly handled certain
    malformed archives. If a user or automated system were tricked into
    processing a specially crafted zip archive, an attacker could possibly
    cause unzip to hang, resulting in a denial of service. (CVE-2015-7697).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2788-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected unzip package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|15\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.04 / 15.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"unzip", pkgver:"6.0-4ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"unzip", pkgver:"6.0-9ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"unzip", pkgver:"6.0-13ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"unzip", pkgver:"6.0-17ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1462.NASL
    descriptionAccording to the versions of the unzip package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.(CVE-2018-1000035) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696) - Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a
    last seen2020-04-30
    modified2020-04-16
    plugin id135624
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135624
    titleEulerOS Virtualization 3.0.2.2 : unzip (EulerOS-SA-2020-1462)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135624);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");
    
      script_cve_id(
        "CVE-2015-7696",
        "CVE-2015-7697",
        "CVE-2018-1000035",
        "CVE-2019-13232"
      );
    
      script_name(english:"EulerOS Virtualization 3.0.2.2 : unzip (EulerOS-SA-2020-1462)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the unzip package installed, the EulerOS
    Virtualization installation on the remote host is affected by the
    following vulnerabilities :
    
      - A heap-based buffer overflow exists in Info-Zip UnZip
        version <= 6.00 in the processing of password-protected
        archives that allows an attacker to perform a denial of
        service or to possibly achieve code
        execution.(CVE-2018-1000035)
    
      - Info-ZIP UnZip 6.0 allows remote attackers to cause a
        denial of service (infinite loop) via empty bzip2 data
        in a ZIP archive.(CVE-2015-7697)
    
      - Info-ZIP UnZip 6.0 allows remote attackers to cause a
        denial of service (heap-based buffer over-read and
        application crash) or possibly execute arbitrary code
        via a crafted password-protected ZIP archive, possibly
        related to an Extra-Field size value.(CVE-2015-7696)
    
      - Info-ZIP UnZip 6.0 mishandles the overlapping of files
        inside a ZIP container, leading to denial of service
        (resource consumption), aka a 'better zip bomb'
        issue.(CVE-2019-13232)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1462
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d35245df");
      script_set_attribute(attribute:"solution", value:
    "Update the affected unzip packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000035");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["unzip-6.0-19.h8.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2016-0013.NASL
    descriptionAn update of [ subversion, libtasn1, unzip, dhcp ] packages for PhotonOS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111847
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111847
    titlePhoton OS 1.0: Dhcp / Libtasn1 / Subversion / Unzip PHSA-2016-0013 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2016-0013. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111847);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      script_cve_id(
        "CVE-2015-7696",
        "CVE-2015-7697",
        "CVE-2015-8605",
        "CVE-2016-2167",
        "CVE-2016-2168",
        "CVE-2016-2774",
        "CVE-2016-4008"
      );
    
      script_name(english:"Photon OS 1.0: Dhcp / Libtasn1 / Subversion / Unzip PHSA-2016-0013 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of [ subversion, libtasn1, unzip, dhcp ] packages for
    PhotonOS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-13
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?364ec0c7");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2774");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:dhcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libtasn1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:subversion");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "dhcp-client-4.3.5-1.ph1",
      "dhcp-debuginfo-4.3.5-1.ph1",
      "dhcp-devel-4.3.5-1.ph1",
      "dhcp-libs-4.3.5-1.ph1",
      "dhcp-server-4.3.5-1.ph1",
      "libtasn1-4.7-3.ph1",
      "libtasn1-debuginfo-4.7-3.ph1",
      "libtasn1-devel-4.7-3.ph1",
      "subversion-1.9.4-1.ph1",
      "subversion-debuginfo-1.9.4-1.ph1",
      "subversion-devel-1.9.4-1.ph1",
      "unzip-6.0-7.ph1",
      "unzip-debuginfo-6.0-7.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dhcp / libtasn1 / subversion / unzip");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2677.NASL
    descriptionAccording to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.(CVE-2018-1000035) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132212
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132212
    titleEulerOS 2.0 SP3 : unzip (EulerOS-SA-2019-2677)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132212);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2015-7696",
        "CVE-2015-7697",
        "CVE-2018-1000035"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : unzip (EulerOS-SA-2019-2677)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the unzip package installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - A heap-based buffer overflow exists in Info-Zip UnZip
        version <= 6.00 in the processing of password-protected
        archives that allows an attacker to perform a denial of
        service or to possibly achieve code
        execution.(CVE-2018-1000035)
    
      - Info-ZIP UnZip 6.0 allows remote attackers to cause a
        denial of service (heap-based buffer over-read and
        application crash) or possibly execute arbitrary code
        via a crafted password-protected ZIP archive, possibly
        related to an Extra-Field size value.(CVE-2015-7696)
    
      - Info-ZIP UnZip 6.0 allows remote attackers to cause a
        denial of service (infinite loop) via empty bzip2 data
        in a ZIP archive.(CVE-2015-7697)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2677
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1fdc3bf4");
      script_set_attribute(attribute:"solution", value:
    "Update the affected unzip packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000035");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["unzip-6.0-15.h7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2788-2.NASL
    descriptionUSN-2788-1 fixed vulnerabilities in unzip. One of the security patches caused a regression when extracting 0-byte files. This update fixes the problem. We apologize for the inconvenience. Gustavo Grieco discovered that unzip incorrectly handled certain password protected archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly execute arbitrary code. (CVE-2015-7696) Gustavo Grieco discovered that unzip incorrectly handled certain malformed archives. If a user or automated system were tricked into processing a specially crafted zip archive, an attacker could possibly cause unzip to hang, resulting in a denial of service. (CVE-2015-7697). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id86809
    published2015-11-10
    reporterUbuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86809
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : unzip regression (USN-2788-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2788-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(86809);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/18 12:31:45");
    
      script_cve_id("CVE-2015-7696", "CVE-2015-7697");
      script_xref(name:"USN", value:"2788-2");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : unzip regression (USN-2788-2)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-2788-1 fixed vulnerabilities in unzip. One of the security patches
    caused a regression when extracting 0-byte files. This update fixes
    the problem.
    
    We apologize for the inconvenience.
    
    Gustavo Grieco discovered that unzip incorrectly handled certain
    password protected archives. If a user or automated system were
    tricked into processing a specially crafted zip archive, an attacker
    could possibly execute arbitrary code. (CVE-2015-7696)
    
    Gustavo Grieco discovered that unzip incorrectly handled
    certain malformed archives. If a user or automated system
    were tricked into processing a specially crafted zip
    archive, an attacker could possibly cause unzip to hang,
    resulting in a denial of service. (CVE-2015-7697).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2788-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected unzip package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:unzip");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:15.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|15\.04|15\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 15.04 / 15.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"unzip", pkgver:"6.0-4ubuntu2.5")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"unzip", pkgver:"6.0-9ubuntu1.5")) flag++;
    if (ubuntu_check(osver:"15.04", pkgname:"unzip", pkgver:"6.0-13ubuntu3.2")) flag++;
    if (ubuntu_check(osver:"15.10", pkgname:"unzip", pkgver:"6.0-17ubuntu1.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0639-1.NASL
    descriptionThis update for unzip fixes the following issues : - CVE-2014-9913: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013993) - CVE-2015-7696: Specially crafted zip files with password protection could trigger a crash and lead to denial of service (bsc#950110) - CVE-2015-7697: Specially crafted zip files could trigger an endless loop and lead to denial of service (bsc#950111) - CVE-2016-9844: Specially crafted zip files could trigger invalid memory writes possibly resulting in DoS or corruption (bsc#1013992) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97654
    published2017-03-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97654
    titleSUSE SLES11 Security Update : unzip (SUSE-SU-2017:0639-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2234.NASL
    descriptionAccording to the versions of the unzip package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130696
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130696
    titleEulerOS 2.0 SP5 : unzip (EulerOS-SA-2019-2234)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_86C3C66EB2F511E5863AB499BAEBFEAF.NASL
    descriptionGustavo Grieco reports : Two issues were found in unzip 6.0 : * A heap overflow triggered by unzipping a file with password (e.g unzip -p -P x sigsegv.zip). * A denegation of service with a file that never finishes unzipping (e.g. unzip sigxcpu.zip).
    last seen2020-06-01
    modified2020-06-02
    plugin id87747
    published2016-01-06
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87747
    titleFreeBSD : unzip -- multiple vulnerabilities (86c3c66e-b2f5-11e5-863a-b499baebfeaf)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2016-0013_UNZIP.NASL
    descriptionAn update of the unzip package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121657
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121657
    titlePhoton OS 1.0: Unzip PHSA-2016-0013
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1222.NASL
    descriptionAccording to the versions of the unzip package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697) - Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134511
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134511
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : unzip (EulerOS-SA-2020-1222)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-330.NASL
    descriptionGustavo Grieco discovered with a fuzzer that unzip was vulnerable to a heap overflow and to a denial of service with specially crafted password-protected ZIP archives. For the Debian 6 squeeze, these issues haven been fixed in unzip 6.0-4+deb6u3. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-10-23
    plugin id86551
    published2015-10-23
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86551
    titleDebian DLA-330-1 : unzip security update