Vulnerabilities > CVE-2016-4007 - Arbitrary Command Execution vulnerability in openSUSE
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-758.NASL description obs-service-source_validator was updated to fix one security issue. This security issue was fixed : - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265). This non-security issue was fixed : - bsc#967610: Several occurrences of uninitialized value. last seen 2020-06-05 modified 2016-06-24 plugin id 91792 published 2016-06-24 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91792 title openSUSE Security Update : obs-service-source_validator (openSUSE-2016-758) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-758. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(91792); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-4007"); script_name(english:"openSUSE Security Update : obs-service-source_validator (openSUSE-2016-758)"); script_summary(english:"Check for the openSUSE-2016-758 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "obs-service-source_validator was updated to fix one security issue. This security issue was fixed : - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265). This non-security issue was fixed : - bsc#967610: Several occurrences of uninitialized value." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967265" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967610" ); script_set_attribute( attribute:"solution", value:"Update the affected obs-service-source_validator package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:obs-service-source_validator"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE13.2", reference:"obs-service-source_validator-0.6+git20160531.fbfe336-9.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "obs-service-source_validator"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-759.NASL description obs-service-source_validator was updated to fix one security issue. This security issue was fixed : - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265). This non-security issue was fixed : - bsc#967610: Several occurrences of uninitialized value. last seen 2020-06-05 modified 2016-06-24 plugin id 91793 published 2016-06-24 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91793 title openSUSE Security Update : obs-service-source_validator (openSUSE-2016-759) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-759. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(91793); script_version("2.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-4007"); script_name(english:"openSUSE Security Update : obs-service-source_validator (openSUSE-2016-759)"); script_summary(english:"Check for the openSUSE-2016-759 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "obs-service-source_validator was updated to fix one security issue. This security issue was fixed : - CVE-2016-4007: Several maintained source services are vulnerable to code/paramter injection (bsc#967265). This non-security issue was fixed : - bsc#967610: Several occurrences of uninitialized value." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967265" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=967610" ); script_set_attribute( attribute:"solution", value:"Update the affected obs-service-source_validator package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:obs-service-source_validator"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"obs-service-source_validator-0.6+git20160531.fbfe336-11.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "obs-service-source_validator"); }
References
- http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00049.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00019.html
- https://build.opensuse.org/request/show/361096