Vulnerabilities > CVE-2017-0553 - Integer Overflow or Wraparound vulnerability in Google Android

047910
CVSS 7.0 - HIGH
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
high complexity
google
CWE-190
nessus

Summary

An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3311-1.NASL
    descriptionIt was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100663
    published2017-06-07
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100663
    titleUbuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : libnl3 vulnerability (USN-3311-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3311-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100663);
      script_version("3.9");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-0553");
      script_xref(name:"USN", value:"3311-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : libnl3 vulnerability (USN-3311-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that libnl incorrectly handled memory when
    performing certain operations. A local attacker could possibly use
    this issue to cause libnl to crash, resulting in a denial of service,
    or execute arbitrary code.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3311-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libnl-3-200 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnl-3-200");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|16\.10|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 16.10 / 17.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libnl-3-200", pkgver:"3.2.21-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libnl-3-200", pkgver:"3.2.27-1ubuntu0.16.04.1")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"libnl-3-200", pkgver:"3.2.27-1ubuntu0.16.10.1")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"libnl-3-200", pkgver:"3.2.29-0ubuntu2.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libnl-3-200");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1167.NASL
    descriptionAccording to the versions of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553) - An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978) - A denial of service flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory resources, and ultimately crash by sending a specially crafted request packet. (CVE-2017-10985) - Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10986, CVE-2017-10987) - An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10983) - Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10986, CVE-2017-10987) - An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10984) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-09-08
    plugin id103005
    published2017-09-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103005
    titleEulerOS 2.0 SP1 : freeradius (EulerOS-SA-2017-1167)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103005);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2017-10978",
        "CVE-2017-10983",
        "CVE-2017-10984",
        "CVE-2017-10985",
        "CVE-2017-10986",
        "CVE-2017-10987"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : freeradius (EulerOS-SA-2017-1167)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the freeradius package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - An integer overflow leading to a heap-buffer overflow
        was found in the libnl library. An attacker could use
        this flaw to cause an application compiled with libnl
        to crash or possibly execute arbitrary code in the
        context of the user running such an application.
        (CVE-2017-0553)
    
      - An out-of-bounds read and write flaw was found in the
        way FreeRADIUS server handled RADIUS packets. A remote
        attacker could use this flaw to crash the FreeRADIUS
        server by sending a specially crafted RADIUS packet.
        (CVE-2017-10978)
    
      - A denial of service flaw was found in the way
        FreeRADIUS server handled certain attributes in request
        packets. A remote attacker could use this flaw to cause
        the FreeRADIUS server to enter an infinite loop,
        consume increasing amounts of memory resources, and
        ultimately crash by sending a specially crafted request
        packet. (CVE-2017-10985)
    
      - Multiple out-of-bounds read flaws were found in the way
        FreeRADIUS server handled decoding of DHCP packets. A
        remote attacker could use these flaws to crash the
        FreeRADIUS server by sending a specially crafted DHCP
        request. (CVE-2017-10986, CVE-2017-10987)
    
      - An out-of-bounds read flaw was found in the way
        FreeRADIUS server handled decoding of DHCP packets. A
        remote attacker could use this flaw to crash the
        FreeRADIUS server by sending a specially crafted DHCP
        request. (CVE-2017-10983)
    
      - Multiple out-of-bounds read flaws were found in the way
        FreeRADIUS server handled decoding of DHCP packets. A
        remote attacker could use these flaws to crash the
        FreeRADIUS server by sending a specially crafted DHCP
        request. (CVE-2017-10986, CVE-2017-10987)
    
      - An out-of-bounds write flaw was found in the way
        FreeRADIUS server handled certain attributes in request
        packets. A remote attacker could use this flaw to crash
        the FreeRADIUS server or to execute arbitrary code in
        the context of the FreeRADIUS server process by sending
        a specially crafted request packet. (CVE-2017-10984)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1167
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ba364ed7");
      script_set_attribute(attribute:"solution", value:
    "Update the affected freeradius packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:freeradius");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["freeradius-3.0.13-8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freeradius");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2168.NASL
    descriptionAccording to the version of the libnl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.(CVE-2017-0553) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-12
    plugin id130877
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130877
    titleEulerOS 2.0 SP5 : libnl (EulerOS-SA-2019-2168)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1161.NASL
    descriptionAccording to the version of the libnl3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-09-08
    plugin id102999
    published2017-09-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102999
    titleEulerOS 2.0 SP1 : libnl3 (EulerOS-SA-2017-1161)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-892.NASL
    descriptionIt was discovered that there was an integer overflow in libnl3, a library for dealing with netlink sockets. A missing check in nlmsg_reserve() could have allowed a malicious application to execute arbitrary code within the context of the WiFi service. For Debian 7
    last seen2020-03-17
    modified2017-04-11
    plugin id99270
    published2017-04-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99270
    titleDebian DLA-892-1 : libnl3 security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1258.NASL
    descriptionAccording to the version of the libnl package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application.(CVE-2017-0553) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134547
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134547
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libnl (EulerOS-SA-2020-1258)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-2299.NASL
    descriptionAn update for NetworkManager, NetworkManager-libreswan, libnl3, and network-manager-applet is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. The libnl3 packages contain a convenience library that simplifies using the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id102760
    published2017-08-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102760
    titleCentOS 7 : NetworkManager / NetworkManager-libreswan / libnl3 / network-manager-applet (CESA-2017:2299)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2299.NASL
    descriptionFrom Red Hat Security Advisory 2017:2299 : An update for NetworkManager, NetworkManager-libreswan, libnl3, and network-manager-applet is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. The libnl3 packages contain a convenience library that simplifies using the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id102341
    published2017-08-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102341
    titleOracle Linux 7 : NetworkManager / libnl3 (ELSA-2017-2299)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-34F6E70FDD.NASL
    descriptionlib: check for integer overflow in nlmsg_reserve() (rh#1440789, CVE-2017-0553) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-24
    plugin id99608
    published2017-04-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99608
    titleFedora 25 : libnl3 (2017-34f6e70fdd)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170801_NETWORKMANAGER_AND_LIBNL3_ON_SL7_X.NASL
    descriptionThe libnl3 packages contain a convenience library that simplifies using the Linux kernel
    last seen2020-03-18
    modified2017-08-22
    plugin id102635
    published2017-08-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102635
    titleScientific Linux Security Update : NetworkManager and libnl3 on SL7.x x86_64 (20170801)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-7A5363B41D.NASL
    descriptionlib: check for integer overflow in nlmsg_reserve() (rh#1440788, rh#1440789, CVE-2017-0553) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-05-05
    plugin id99989
    published2017-05-05
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99989
    titleFedora 24 : libnl3 (2017-7a5363b41d)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2299.NASL
    descriptionAn update for NetworkManager, NetworkManager-libreswan, libnl3, and network-manager-applet is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. The libnl3 packages contain a convenience library that simplifies using the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id102155
    published2017-08-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102155
    titleRHEL 7 : NetworkManager and libnl3 (RHSA-2017:2299)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-891.NASL
    descriptionIt was discovered that there was a FIXME in libnl, a FIXME... For Debian 7
    last seen2020-03-17
    modified2017-04-11
    plugin id99269
    published2017-04-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99269
    titleDebian DLA-891-1 : libnl security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-876.NASL
    descriptionInteger overflow in nlmsg_reserve() : An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553)
    last seen2020-06-01
    modified2020-06-02
    plugin id102864
    published2017-09-01
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102864
    titleAmazon Linux AMI : libnl3 (ALAS-2017-876)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1162.NASL
    descriptionAccording to the version of the libnl3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-09-08
    plugin id103000
    published2017-09-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103000
    titleEulerOS 2.0 SP2 : libnl3 (EulerOS-SA-2017-1162)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1168.NASL
    descriptionAccording to the versions of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553) - An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978) - A denial of service flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory resources, and ultimately crash by sending a specially crafted request packet. (CVE-2017-10985) - Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10986, CVE-2017-10987) - An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10983) - Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10986, CVE-2017-10987) - An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10984) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-09-08
    plugin id103006
    published2017-09-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103006
    titleEulerOS 2.0 SP2 : freeradius (EulerOS-SA-2017-1168)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1853.NASL
    descriptionAccording to the version of the libnl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-17
    plugin id128905
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128905
    titleEulerOS 2.0 SP2 : libnl (EulerOS-SA-2019-1853)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3311-2.NASL
    descriptionUSN-3311-1 fixed a vulnerability in libnl. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libnl incorrectly handled memory when performing certain operations. A local attacker could possibly use this issue to cause libnl to crash, resulting in a denial of service, or execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100919
    published2017-06-20
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/100919
    titleUbuntu 12.04 LTS : libnl3 vulnerability (USN-3311-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1490.NASL
    descriptionAccording to the version of the libnl package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.(CVE-2017-0553) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-16
    plugin id135652
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135652
    titleEulerOS Virtualization 3.0.2.2 : libnl (EulerOS-SA-2020-1490)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2051.NASL
    descriptionAccording to the version of the libnl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129244
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129244
    titleEulerOS 2.0 SP3 : libnl (EulerOS-SA-2019-2051)

Redhat

advisories
bugzilla
id1460760
titleVirtio-net interface MTU overwritten to 1500 bytes
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentlibnl3-doc is earlier than 0:3.2.28-4.el7
          ovaloval:com.redhat.rhsa:tst:20172299001
        • commentlibnl3-doc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20162581008
      • AND
        • commentlibnl3-devel is earlier than 0:3.2.28-4.el7
          ovaloval:com.redhat.rhsa:tst:20172299003
        • commentlibnl3-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20162581006
      • AND
        • commentlibnl3 is earlier than 0:3.2.28-4.el7
          ovaloval:com.redhat.rhsa:tst:20172299005
        • commentlibnl3 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20162581010
      • AND
        • commentlibnl3-cli is earlier than 0:3.2.28-4.el7
          ovaloval:com.redhat.rhsa:tst:20172299007
        • commentlibnl3-cli is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20162581012
      • AND
        • commentNetworkManager-libreswan-gnome is earlier than 0:1.2.4-2.el7
          ovaloval:com.redhat.rhsa:tst:20172299009
        • commentNetworkManager-libreswan-gnome is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315022
      • AND
        • commentNetworkManager-libreswan is earlier than 0:1.2.4-2.el7
          ovaloval:com.redhat.rhsa:tst:20172299011
        • commentNetworkManager-libreswan is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315020
      • AND
        • commentnetwork-manager-applet is earlier than 0:1.8.0-3.el7
          ovaloval:com.redhat.rhsa:tst:20172299013
        • commentnetwork-manager-applet is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315016
      • AND
        • commentlibnm-gtk-devel is earlier than 0:1.8.0-3.el7
          ovaloval:com.redhat.rhsa:tst:20172299015
        • commentlibnm-gtk-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315018
      • AND
        • commentlibnma-devel is earlier than 0:1.8.0-3.el7
          ovaloval:com.redhat.rhsa:tst:20172299017
        • commentlibnma-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20162581014
      • AND
        • commentlibnma is earlier than 0:1.8.0-3.el7
          ovaloval:com.redhat.rhsa:tst:20172299019
        • commentlibnma is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20162581024
      • AND
        • commentlibnm-gtk is earlier than 0:1.8.0-3.el7
          ovaloval:com.redhat.rhsa:tst:20172299021
        • commentlibnm-gtk is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315014
      • AND
        • commentnm-connection-editor is earlier than 0:1.8.0-3.el7
          ovaloval:com.redhat.rhsa:tst:20172299023
        • commentnm-connection-editor is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315012
      • AND
        • commentNetworkManager-dispatcher-routing-rules is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299025
        • commentNetworkManager-dispatcher-routing-rules is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20162581046
      • AND
        • commentNetworkManager-config-server is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299027
        • commentNetworkManager-config-server is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315050
      • AND
        • commentNetworkManager-libnm-devel is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299029
        • commentNetworkManager-libnm-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315048
      • AND
        • commentNetworkManager-glib-devel is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299031
        • commentNetworkManager-glib-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110930006
      • AND
        • commentNetworkManager-libnm is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299033
        • commentNetworkManager-libnm is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315032
      • AND
        • commentNetworkManager-tui is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299035
        • commentNetworkManager-tui is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315040
      • AND
        • commentNetworkManager-bluetooth is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299037
        • commentNetworkManager-bluetooth is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315028
      • AND
        • commentNetworkManager-adsl is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299039
        • commentNetworkManager-adsl is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315024
      • AND
        • commentNetworkManager-wwan is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299041
        • commentNetworkManager-wwan is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315030
      • AND
        • commentNetworkManager-wifi is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299043
        • commentNetworkManager-wifi is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315038
      • AND
        • commentNetworkManager is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299045
        • commentNetworkManager is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110930004
      • AND
        • commentNetworkManager-team is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299047
        • commentNetworkManager-team is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20152315036
      • AND
        • commentNetworkManager-ppp is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299049
        • commentNetworkManager-ppp is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20172299050
      • AND
        • commentNetworkManager-glib is earlier than 1:1.8.0-9.el7
          ovaloval:com.redhat.rhsa:tst:20172299051
        • commentNetworkManager-glib is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110930002
rhsa
idRHSA-2017:2299
released2017-08-01
severityModerate
titleRHSA-2017:2299: NetworkManager and libnl3 security, bug fix and enhancement update (Moderate)
rpms
  • NetworkManager-1:1.8.0-9.el7
  • NetworkManager-adsl-1:1.8.0-9.el7
  • NetworkManager-bluetooth-1:1.8.0-9.el7
  • NetworkManager-config-server-1:1.8.0-9.el7
  • NetworkManager-debuginfo-1:1.8.0-9.el7
  • NetworkManager-dispatcher-routing-rules-1:1.8.0-9.el7
  • NetworkManager-glib-1:1.8.0-9.el7
  • NetworkManager-glib-devel-1:1.8.0-9.el7
  • NetworkManager-libnm-1:1.8.0-9.el7
  • NetworkManager-libnm-devel-1:1.8.0-9.el7
  • NetworkManager-libreswan-0:1.2.4-2.el7
  • NetworkManager-libreswan-debuginfo-0:1.2.4-2.el7
  • NetworkManager-libreswan-gnome-0:1.2.4-2.el7
  • NetworkManager-ppp-1:1.8.0-9.el7
  • NetworkManager-team-1:1.8.0-9.el7
  • NetworkManager-tui-1:1.8.0-9.el7
  • NetworkManager-wifi-1:1.8.0-9.el7
  • NetworkManager-wwan-1:1.8.0-9.el7
  • libnl3-0:3.2.28-4.el7
  • libnl3-cli-0:3.2.28-4.el7
  • libnl3-debuginfo-0:3.2.28-4.el7
  • libnl3-devel-0:3.2.28-4.el7
  • libnl3-doc-0:3.2.28-4.el7
  • libnm-gtk-0:1.8.0-3.el7
  • libnm-gtk-devel-0:1.8.0-3.el7
  • libnma-0:1.8.0-3.el7
  • libnma-devel-0:1.8.0-3.el7
  • network-manager-applet-0:1.8.0-3.el7
  • network-manager-applet-debuginfo-0:1.8.0-3.el7
  • nm-connection-editor-0:1.8.0-3.el7