Vulnerabilities > CVE-2016-6318 - Out-of-bounds Write vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 | |
| OS | 1 | |
| OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-2220.NASL description It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library. For Debian 8 last seen 2020-05-31 modified 2020-05-26 plugin id 136836 published 2020-05-26 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136836 title Debian DLA-2220-1 : cracklib2 security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-2220-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(136836); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/28"); script_cve_id("CVE-2016-6318"); script_name(english:"Debian DLA-2220-1 : cracklib2 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library. For Debian 8 'Jessie', this problem has been fixed in version 2.9.2-1+deb8u1. We recommend that you upgrade your cracklib2 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/05/msg00023.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/jessie/cracklib2" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cracklib-runtime"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcrack2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcrack2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcrack2-udeb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-cracklib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-cracklib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/07"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"8.0", prefix:"cracklib-runtime", reference:"2.9.2-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libcrack2", reference:"2.9.2-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libcrack2-dev", reference:"2.9.2-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"libcrack2-udeb", reference:"2.9.2-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"python-cracklib", reference:"2.9.2-1+deb8u1")) flag++; if (deb_check(release:"8.0", prefix:"python3-cracklib", reference:"2.9.2-1+deb8u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2016-B601141219.NASL description Security fix for CVE-2016-6318 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-12-12 plugin id 95684 published 2016-12-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95684 title Fedora 24 : cracklib (2016-b601141219) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-b601141219. # include("compat.inc"); if (description) { script_id(95684); script_version("3.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-6318"); script_xref(name:"FEDORA", value:"2016-b601141219"); script_name(english:"Fedora 24 : cracklib (2016-b601141219)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2016-6318 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b601141219" ); script_set_attribute( attribute:"solution", value:"Update the affected cracklib package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cracklib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC24", reference:"cracklib-2.9.6-4.fc24")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2439.NASL description According to the version of the cracklib packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CrackLib tests passwords to determine whether they match certain security-oriented characteristics, with the purpose of stopping users from choosing passwords that are easy to guess. CrackLib performs several tests on passwords: it tries to generate words from a username and gecos entry and checks those words against the password it checks for simplistic patterns in passwords and it checks for the password in a dictionary.CrackLib is actually a library containing a particular C function which is used to check the password, as well as other C functions. CrackLib is not a replacement for a passwd program it must be used in conjunction with an existing passwd program.Install the cracklib package if you need a program to check users last seen 2020-05-08 modified 2019-12-04 plugin id 131593 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131593 title EulerOS 2.0 SP2 : cracklib (EulerOS-SA-2019-2439) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131593); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2016-6318" ); script_name(english:"EulerOS 2.0 SP2 : cracklib (EulerOS-SA-2019-2439)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the cracklib packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - CrackLib tests passwords to determine whether they match certain security-oriented characteristics, with the purpose of stopping users from choosing passwords that are easy to guess. CrackLib performs several tests on passwords: it tries to generate words from a username and gecos entry and checks those words against the password it checks for simplistic patterns in passwords and it checks for the password in a dictionary.CrackLib is actually a library containing a particular C function which is used to check the password, as well as other C functions. CrackLib is not a replacement for a passwd program it must be used in conjunction with an existing passwd program.Install the cracklib package if you need a program to check users' passwords to see if they are at least minimally secure. If you install CrackLib, you will also want to install the cracklib-dicts package.Security Fix(es):Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer.(CVE-2016-6318) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2439 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e440798"); script_set_attribute(attribute:"solution", value: "Update the affected cracklib package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cracklib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cracklib-dicts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["cracklib-2.9.0-11.h1", "cracklib-dicts-2.9.0-11.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib"); }NASL family Fedora Local Security Checks NASL id FEDORA_2016-BFA785E39E.NASL description Security fix for CVE-2016-6318 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-12-12 plugin id 95686 published 2016-12-12 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95686 title Fedora 25 : cracklib (2016-bfa785e39e) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-bfa785e39e. # include("compat.inc"); if (description) { script_id(95686); script_version("3.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-6318"); script_xref(name:"FEDORA", value:"2016-bfa785e39e"); script_name(english:"Fedora 25 : cracklib (2016-bfa785e39e)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2016-6318 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-bfa785e39e" ); script_set_attribute( attribute:"solution", value:"Update the affected cracklib package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cracklib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC25", reference:"cracklib-2.9.6-4.fc25")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0013_CRACKLIB.NASL description An update of the cracklib package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121681 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121681 title Photon OS 1.0: Cracklib PHSA-2017-0013 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2017-0013. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(121681); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id("CVE-2016-6318"); script_name(english:"Photon OS 1.0: Cracklib PHSA-2017-0013"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the cracklib package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-37.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4429"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:cracklib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"cracklib-2.9.6-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"cracklib-debuginfo-2.9.6-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"cracklib-devel-2.9.6-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"cracklib-dicts-2.9.6-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"cracklib-lang-2.9.6-3.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"cracklib-python-2.9.6-3.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2107-1.NASL description This update for cracklib fixes the following issues : - Add patch to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93301 published 2016-09-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93301 title SUSE SLED12 / SLES12 Security Update : cracklib (SUSE-SU-2016:2107-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:2107-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93301); script_version("2.7"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2016-6318"); script_name(english:"SUSE SLED12 / SLES12 Security Update : cracklib (SUSE-SU-2016:2107-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for cracklib fixes the following issues : - Add patch to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=992966" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-6318/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20162107-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6b7aff41" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1247=1 SUSE Linux Enterprise Server 12-SP1:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1247=1 SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1247=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cracklib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cracklib-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cracklib-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcrack2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcrack2-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"cracklib-2.9.0-7.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"cracklib-debuginfo-2.9.0-7.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"cracklib-debugsource-2.9.0-7.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libcrack2-2.9.0-7.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libcrack2-debuginfo-2.9.0-7.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libcrack2-32bit-2.9.0-7.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"libcrack2-debuginfo-32bit-2.9.0-7.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"cracklib-2.9.0-7.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"cracklib-debuginfo-2.9.0-7.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"cracklib-debugsource-2.9.0-7.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libcrack2-2.9.0-7.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libcrack2-32bit-2.9.0-7.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libcrack2-debuginfo-2.9.0-7.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libcrack2-debuginfo-32bit-2.9.0-7.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1041.NASL description This update for cracklib fixes the following issues : - Add patch to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-09-01 plugin id 93249 published 2016-09-01 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93249 title openSUSE Security Update : cracklib (openSUSE-2016-1041) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2016-1041. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(93249); script_version("2.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-6318"); script_name(english:"openSUSE Security Update : cracklib (openSUSE-2016-1041)"); script_summary(english:"Check for the openSUSE-2016-1041 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for cracklib fixes the following issues : - Add patch to fix a buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=992966" ); script_set_attribute( attribute:"solution", value:"Update the affected cracklib packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cracklib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cracklib-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cracklib-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cracklib-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cracklib-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cracklib-dict-small"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrack2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrack2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrack2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcrack2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpwquality-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpwquality-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpwquality-lang"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpwquality-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpwquality-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpwquality1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpwquality1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pam_pwquality"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pam_pwquality-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-pwquality"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-pwquality-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"cracklib-2.9.0-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"cracklib-debuginfo-2.9.0-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"cracklib-debugsource-2.9.0-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"cracklib-devel-2.9.0-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"cracklib-dict-small-2.9.0-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libcrack2-2.9.0-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libcrack2-debuginfo-2.9.0-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libpwquality-debugsource-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libpwquality-devel-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libpwquality-lang-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libpwquality-tools-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libpwquality-tools-debuginfo-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libpwquality1-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"libpwquality1-debuginfo-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"pam_pwquality-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"pam_pwquality-debuginfo-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"python-pwquality-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"python-pwquality-debuginfo-1.2.3-5.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"cracklib-devel-32bit-2.9.0-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libcrack2-32bit-2.9.0-7.1") ) flag++; if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libcrack2-debuginfo-32bit-2.9.0-7.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib / cracklib-debuginfo / cracklib-debugsource / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2211-1.NASL description This update for cracklib fixes a security issue and a bug: Security issue fixed : - Add patch to fix a stack-based buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) The following non security issue was fixed : - Call textdomain in cracklib-check main function so that program output is translated accordingly. (bsc#928923) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93341 published 2016-09-06 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93341 title SUSE SLES11 Security Update : cracklib (SUSE-SU-2016:2211-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:2211-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93341); script_version("2.7"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2016-6318"); script_name(english:"SUSE SLES11 Security Update : cracklib (SUSE-SU-2016:2211-1)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for cracklib fixes a security issue and a bug: Security issue fixed : - Add patch to fix a stack-based buffer overflow in GECOS parser (bsc#992966 CVE-2016-6318) The following non security issue was fixed : - Call textdomain in cracklib-check main function so that program output is translated accordingly. (bsc#928923) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=928923" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=992966" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-6318/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20162211-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bdad6c22" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Studio Onsite 1.3:zypper in -t patch slestso13-cracklib-12726=1 SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-cracklib-12726=1 SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-cracklib-12726=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-cracklib-12726=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cracklib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/07"); script_set_attribute(attribute:"patch_publication_date", value:"2016/09/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"cracklib-32bit-2.8.12-56.13.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"cracklib-32bit-2.8.12-56.13.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"cracklib-2.8.12-56.13.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201612-25.NASL description The remote host is affected by the vulnerability described in GLSA-201612-25 (CrackLib: Buffer overflow) A stack-based buffer overflow was discovered in the FascistGecosUser function of lib/fascist.c. Impact : A local attacker could set a specially crafted GECOS field value in “/etc/passwd”; possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or the escalation of privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 95641 published 2016-12-08 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/95641 title GLSA-201612-25 : CrackLib: Buffer overflow code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201612-25. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(95641); script_version("$Revision: 2.1 $"); script_cvs_date("$Date: 2016/12/08 20:42:13 $"); script_cve_id("CVE-2016-6318"); script_xref(name:"GLSA", value:"201612-25"); script_name(english:"GLSA-201612-25 : CrackLib: Buffer overflow"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201612-25 (CrackLib: Buffer overflow) A stack-based buffer overflow was discovered in the FascistGecosUser function of lib/fascist.c. Impact : A local attacker could set a specially crafted GECOS field value in “/etc/passwd”; possibly resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or the escalation of privileges. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201612-25" ); script_set_attribute( attribute:"solution", value: "All CrackLib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-libs/cracklib-2.9.6-r1'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:cracklib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/08"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-libs/cracklib", unaffected:make_list("ge 2.9.6-r1"), vulnerable:make_list("lt 2.9.6-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "CrackLib"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0013.NASL description An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111862 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111862 title Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2017-0013. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111862); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:50"); script_cve_id( "CVE-2016-1234", "CVE-2016-1546", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-6313", "CVE-2016-6318", "CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197" ); script_name(english:"Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-37 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d5405b83"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4429"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:cracklib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libgcrypt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "cracklib-2.9.6-3.ph1", "cracklib-debuginfo-2.9.6-3.ph1", "cracklib-devel-2.9.6-3.ph1", "cracklib-dicts-2.9.6-3.ph1", "cracklib-lang-2.9.6-3.ph1", "cracklib-python-2.9.6-3.ph1", "glibc-2.22-10.ph1", "glibc-devel-2.22-10.ph1", "glibc-lang-2.22-10.ph1", "httpd-2.4.25-2.ph1", "httpd-debuginfo-2.4.25-2.ph1", "httpd-devel-2.4.25-2.ph1", "httpd-docs-2.4.25-2.ph1", "httpd-tools-2.4.25-2.ph1", "libevent-2.1.8-1.ph1", "libevent-debuginfo-2.1.8-1.ph1", "libevent-devel-2.1.8-1.ph1", "libgcrypt-1.7.6-1.ph1", "libgcrypt-debuginfo-1.7.6-1.ph1", "libgcrypt-devel-1.7.6-1.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib / glibc / httpd / libevent / libgcrypt"); }NASL family Debian Local Security Checks NASL id DEBIAN_DLA-599.NASL description It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library. For Debian 7 last seen 2020-03-17 modified 2016-08-22 plugin id 93054 published 2016-08-22 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93054 title Debian DLA-599-1 : cracklib2 security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-599-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(93054); script_version("2.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2016-6318"); script_name(english:"Debian DLA-599-1 : cracklib2 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was discovered that there was a stack-based buffer overflow when parsing large GECOS fields in cracklib2, a pro-active password checker library. For Debian 7 'Wheezy', this issue has been fixed in cracklib2 version 2.8.19-3+deb7u1. We recommend that you upgrade your cracklib2 packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2016/08/msg00024.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/cracklib2" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cracklib-runtime"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcrack2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcrack2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-cracklib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-cracklib"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"cracklib-runtime", reference:"2.8.19-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libcrack2", reference:"2.8.19-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"libcrack2-dev", reference:"2.8.19-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"python-cracklib", reference:"2.8.19-3+deb7u1")) flag++; if (deb_check(release:"7.0", prefix:"python3-cracklib", reference:"2.8.19-3+deb7u1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://www.openwall.com/lists/oss-security/2016/08/16/2
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00122.html
- http://www.securityfocus.com/bid/92478
- https://security.gentoo.org/glsa/201612-25
- https://lists.debian.org/debian-lts-announce/2020/05/msg00023.html
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E