CVE-2017-12618 - Out-of-bounds Read vulnerability in Apache Portable Runtime Utility

CVSS 4.7 - MEDIUM

Attack vector: LOCAL
Attack complexity: HIGH
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Tags: local, high complexity, apache, CWE-125, nessus

Summary

Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service.

Vulnerable Configurations

Part         Description  Count
Application  Apache       59

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-929.NASL
    description: Apache Portable Runtime Utility (APR-util) fails to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. (CVE-2017-12618)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 105053
    published: 2017-12-07
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/105053
    title: Amazon Linux AMI : apr-util (ALAS-2017-929)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2017-929.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105053);
      script_version("3.3");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2017-12618");
      script_xref(name:"ALAS", value:"2017-929");
    
      script_name(english:"Amazon Linux AMI : apr-util (ALAS-2017-929)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Apache Portable Runtime Utility (APR-util) fails to validate the
    integrity of SDBM database files used by apr_sdbm*() functions,
    resulting in a possible out of bound read access. A local user with
    write access to the database can make a program or process using these
    functions crash, and cause a denial of service.(CVE-2017-12618)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2017-929.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update apr-util' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-freetds");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-nss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:apr-util-sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"apr-util-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-debuginfo-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-devel-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-freetds-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-ldap-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-mysql-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-nss-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-odbc-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-openssl-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-pgsql-1.5.4-6.18.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"apr-util-sqlite-1.5.4-6.18.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apr-util / apr-util-debuginfo / apr-util-devel / apr-util-freetds / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-3278-1.NASL
    description: This update for libapr-util1 fixes the following issues: Security issue fixed : - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 105253
    published: 2017-12-14
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/105253
    title: SUSE SLES12 Security Update : libapr-util1 (SUSE-SU-2017:3278-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:3278-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105253);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2017-12618");
    
      script_name(english:"SUSE SLES12 Security Update : libapr-util1 (SUSE-SU-2017:3278-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libapr-util1 fixes the following issues: Security
    issue fixed :
    
      - CVE-2017-12618: DoS via crafted SDBM database files in
        apr_sdbm*() functions (bsc#1064990)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12618/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20173278-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5d28dc98"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2017-2039=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2017-2039=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2017-2039=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2017-2039=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2017-2039=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libapr-util1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libapr-util1-dbd-sqlite3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libapr-util1-dbd-sqlite3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libapr-util1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libapr-util1-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2/3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libapr-util1-1.5.3-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libapr-util1-dbd-sqlite3-1.5.3-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libapr-util1-dbd-sqlite3-debuginfo-1.5.3-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libapr-util1-debuginfo-1.5.3-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libapr-util1-debugsource-1.5.3-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libapr-util1-1.5.3-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libapr-util1-dbd-sqlite3-1.5.3-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libapr-util1-dbd-sqlite3-debuginfo-1.5.3-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libapr-util1-debuginfo-1.5.3-2.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libapr-util1-debugsource-1.5.3-2.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libapr-util1");
    }
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD_10_13_6_2018-002.NASL
    description: The remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - fpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary - dyld - EFI - Foundation - Grand Central Dispatch - Heimdal - Hypervisor - ICU - Intel Graphics Driver - IOGraphics - IOHIDFamily - IOKit - IOUserEthernet - IPSec - Kernel - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - NetworkExtension - Security - Spotlight - Symptom Framework - WiFi
    last seen: 2020-03-18
    modified: 2018-10-31
    plugin id: 118575
    published: 2018-10-31
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118575
    title: macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118575);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      script_cve_id(
        "CVE-2017-12613",
        "CVE-2017-12618",
        "CVE-2018-3639",
        "CVE-2018-3640",
        "CVE-2018-3646",
        "CVE-2018-4126",
        "CVE-2018-4153",
        "CVE-2018-4203",
        "CVE-2018-4295",
        "CVE-2018-4304",
        "CVE-2018-4308",
        "CVE-2018-4310",
        "CVE-2018-4326",
        "CVE-2018-4331",
        "CVE-2018-4340",
        "CVE-2018-4341",
        "CVE-2018-4342",
        "CVE-2018-4346",
        "CVE-2018-4348",
        "CVE-2018-4350",
        "CVE-2018-4354",
        "CVE-2018-4368",
        "CVE-2018-4369",
        "CVE-2018-4371",
        "CVE-2018-4393",
        "CVE-2018-4394",
        "CVE-2018-4395",
        "CVE-2018-4396",
        "CVE-2018-4398",
        "CVE-2018-4399",
        "CVE-2018-4400",
        "CVE-2018-4401",
        "CVE-2018-4402",
        "CVE-2018-4406",
        "CVE-2018-4407",
        "CVE-2018-4408",
        "CVE-2018-4410",
        "CVE-2018-4411",
        "CVE-2018-4412",
        "CVE-2018-4413",
        "CVE-2018-4415",
        "CVE-2018-4417",
        "CVE-2018-4418",
        "CVE-2018-4419",
        "CVE-2018-4420",
        "CVE-2018-4422",
        "CVE-2018-4423",
        "CVE-2018-4425",
        "CVE-2018-4426"
      );
      script_xref(name:"APPLE-SA", value:"APPLE-SA-2018-10-30-2");
    
      script_name(english:"macOS 10.13.6 Multiple Vulnerabilities (Security Update 2018-002)");
      script_summary(english:"Checks for the presence of Security Update 2018-002 (APPLE-SA-2018-10-30-2).");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a macOS security update that fixes
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running macOS 10.13.6 and is missing a security
    update. It is therefore, affected by multiple vulnerabilities
    affecting the following components :
    
      - fpserver
      - AppleGraphicsControl
      - APR
      - ATS
      - CFNetwork
      - CoreAnimation
      - CoreCrypto
      - CoreFoundation
      - CUPS
      - Dictionary
      - dyld
      - EFI
      - Foundation
      - Grand Central Dispatch
      - Heimdal
      - Hypervisor
      - ICU
      - Intel Graphics Driver
      - IOGraphics
      - IOHIDFamily
      - IOKit
      - IOUserEthernet
      - IPSec
      - Kernel
      - Login Window
      - mDNSOffloadUserClient
      - MediaRemote
      - Microcode
      - NetworkExtension
      - Security
      - Spotlight
      - Symptom Framework
      - WiFi");
      script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209193");
      # https://lists.apple.com/archives/security-announce/2018/Oct/msg00003.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f0681c90");
      script_set_attribute(attribute:"solution", value:
    "Install Security Update 2018-002 or later for 10.13.6.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4331");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms");
    
      exit(0);
    }
    include('lists.inc');
    include('vcf.inc');
    include('vcf_extras_apple.inc');
    
    app_info = vcf::apple::macos::get_app_info();
    
    constraints = [
      { 'min_version' : '10.13', 'max_version' : '10.13.6', 'fixed_build': '17G3025', 'fixed_display' : '10.13.6 Security Update 2018-002' }
    ];
    
    vcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOS_10_14.NASL
    description: The remote host is running a version of Mac OS X that is prior to 10.13.6 or is not macOS 10.14. It is, therefore, affected by multiple vulnerabilities in the following components : - afpserver - AppleGraphicsControl - Application Firewall - App Store - APR - ATS - Auto Unlock - Bluetooth - CFNetwork - CoreFoundation - CoreText - Crash Reporter - CUPS - Dictionary - Grand Central Dispatch - Heimdal - Hypervisor - iBooks - Intel Graphics Driver - IOHIDFamily - IOKit - IOUserEthernet - Kernel - LibreSSL - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Security - Spotlight - Symptom Framework - Text - Wi-Fi Note that successful exploitation of the most serious issues can result in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118178
    published: 2018-10-18
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118178
    title: macOS < 10.14 Multiple Vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2018-0307-1.NASL
    description: This update for libapr-util1 fixes the following issues: Security issue fixed : - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 106532
    published: 2018-01-31
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106532
    title: SUSE SLES11 Security Update : libapr-util1 (SUSE-SU-2018:0307-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-329E5FB4C9.NASL
    description: Security fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-11-16
    plugin id: 104593
    published: 2017-11-16
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104593
    title: Fedora 26 : apr-util (2017-329e5fb4c9)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1163.NASL
    description: It was discovered that there was an out-of-bounds read access in apr-util, a support/portability library used by many applications. A local user with write access to the database could have made a process using these functions crash and thus cause a denial of service. For Debian 7
    last seen: 2020-03-17
    modified: 2017-11-07
    plugin id: 104413
    published: 2017-11-07
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104413
    title: Debian DLA-1163-1 : apr-util security update
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-1370.NASL
    description: This update for libapr-util1 fixes the following issues : Security issue fixed : - CVE-2017-12618: DoS via crafted SDBM database files in apr_sdbm*() functions (bsc#1064990) This update was imported from the SUSE:SLE-12:Update update project.
    last seen: 2020-06-05
    modified: 2017-12-15
    plugin id: 105265
    published: 2017-12-15
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/105265
    title: openSUSE Security Update : libapr-util1 (openSUSE-2017-1370)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2018-005.NASL
    description: The remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components : - afpserver - AppleGraphicsControl - APR - ATS - CFNetwork - CoreAnimation - CoreCrypto - CoreFoundation - CUPS - Dictionary - dyld - Foundation - Heimdal - Hypervisor - ICU - Intel Graphics Driver - IOGraphics - IOHIDFamily - IOKit - IOUserEthernet - IPSec - Kernel - Login Window - mDNSOffloadUserClient - MediaRemote - Microcode - Perl - Ruby - Security - Spotlight - Symptom Framework - WiFi
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118573
    published: 2018-10-31
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118573
    title: macOS and Mac OS X Multiple Vulnerabilities (Security Update 2018-005)