Vulnerabilities > CVE-2017-14933 - Infinite Loop vulnerability in GNU Binutils 2.29
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201811-17.NASL description The remote host is affected by the vulnerability described in GLSA-201811-17 (Binutils: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE identifiers for details. Impact : A remote attacker, by enticing a user to compile/execute a specially crafted ELF, object, PE, or binary file, could possibly cause a Denial of Service condition or have other unspecified impacts. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 119162 published 2018-11-27 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119162 title GLSA-201811-17 : Binutils: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201811-17. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(119162); script_version("1.1"); script_cvs_date("Date: 2018/11/27 13:31:29"); script_cve_id("CVE-2017-14933", "CVE-2017-16826", "CVE-2017-16827", "CVE-2017-16828", "CVE-2017-16829", "CVE-2017-16830", "CVE-2017-16831", "CVE-2017-16832", "CVE-2017-17080", "CVE-2017-17121", "CVE-2017-17122", "CVE-2017-17123", "CVE-2017-17124", "CVE-2017-17125", "CVE-2017-17126", "CVE-2018-6543", "CVE-2018-6759", "CVE-2018-6872", "CVE-2018-7208", "CVE-2018-7568", "CVE-2018-7569", "CVE-2018-7570", "CVE-2018-7642", "CVE-2018-7643", "CVE-2018-8945"); script_xref(name:"GLSA", value:"201811-17"); script_name(english:"GLSA-201811-17 : Binutils: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201811-17 (Binutils: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE identifiers for details. Impact : A remote attacker, by enticing a user to compile/execute a specially crafted ELF, object, PE, or binary file, could possibly cause a Denial of Service condition or have other unspecified impacts. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201811-17" ); script_set_attribute( attribute:"solution", value: "All Binutils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-devel/binutils-2.30-r2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:binutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-devel/binutils", unaffected:make_list("ge 2.30-r2"), vulnerable:make_list("lt 2.30-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Binutils"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0016_BINUTILS.NASL description An update of the binutils package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 121915 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121915 title Photon OS 2.0: Binutils PHSA-2018-2.0-0016 code # # (C) Tenable Network Security, Inc.` # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-2.0-0016. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(121915); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id( "CVE-2017-14930", "CVE-2017-14932", "CVE-2017-14933", "CVE-2017-14934", "CVE-2017-14938", "CVE-2017-14939", "CVE-2017-14940", "CVE-2017-14974", "CVE-2017-17080", "CVE-2017-17123" ); script_name(english:"Photon OS 2.0: Binutils PHSA-2018-2.0-0016"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the binutils package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-16.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-8817"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/14"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-debuginfo-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"binutils-devel-2.30-1.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0104.NASL description An update of 'binutils' packages of Photon OS has been released. last seen 2019-02-08 modified 2019-02-07 plugin id 111916 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111916 title Photon OS 1.0: Binutils PHSA-2018-1.0-0104 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0104. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111916); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:07"); script_cve_id( "CVE-2017-13716", "CVE-2017-14930", "CVE-2017-14932", "CVE-2017-14933", "CVE-2017-14934", "CVE-2017-14938", "CVE-2017-14939", "CVE-2017-14940", "CVE-2017-14974", "CVE-2017-15021", "CVE-2017-15022", "CVE-2017-15023", "CVE-2017-15024", "CVE-2017-15025", "CVE-2017-17080", "CVE-2017-17123" ); script_name(english:"Photon OS 1.0: Binutils PHSA-2018-1.0-0104 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of 'binutils' packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-1.0-104 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c3e3a7b7"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-13716"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "binutils-2.30-1.ph1", "binutils-debuginfo-2.30-1.ph1", "binutils-devel-2.30-1.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-1_0-0104_BINUTILS.NASL description An update of the binutils package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 121805 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121805 title Photon OS 1.0: Binutils PHSA-2018-1.0-0104 code # # (C) Tenable Network Security, Inc.` # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-1.0-0104. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(121805); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id( "CVE-2017-13716", "CVE-2017-14930", "CVE-2017-14932", "CVE-2017-14933", "CVE-2017-14934", "CVE-2017-14938", "CVE-2017-14939", "CVE-2017-14940", "CVE-2017-14974", "CVE-2017-15021", "CVE-2017-15022", "CVE-2017-15023", "CVE-2017-15024", "CVE-2017-15025", "CVE-2017-17080", "CVE-2017-17123" ); script_name(english:"Photon OS 1.0: Binutils PHSA-2018-1.0-0104"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the binutils package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-104.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-13716"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/01"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-debuginfo-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"binutils-devel-2.30-1.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils"); }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0016.NASL description An update of {'linux', 'curl', 'binutils', 'postgresql', 'libtiff'} packages of Photon OS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111286 published 2018-07-24 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111286 title Photon OS 2.0 : Linux / Postgresql / Binutils / Curl / Libtiff (PhotonOS-PHSA-2018-2.0-0016) (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-2.0-0016. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111286); script_version("1.3"); script_cvs_date("Date: 2019/04/05 23:25:07"); script_cve_id( "CVE-2017-8816", "CVE-2017-8817", "CVE-2017-9935", "CVE-2017-14930", "CVE-2017-14932", "CVE-2017-14933", "CVE-2017-14934", "CVE-2017-14938", "CVE-2017-14939", "CVE-2017-14940", "CVE-2017-14974", "CVE-2017-17080", "CVE-2017-17123", "CVE-2018-1052", "CVE-2018-1053", "CVE-2018-5344", "CVE-2018-1000007" ); script_bugtraq_id( 99296, 101200, 101201, 101203, 101204, 101212, 101216, 101280, 101998, 102057, 102503, 102986, 102987 ); script_name(english:"Photon OS 2.0 : Linux / Postgresql / Binutils / Curl / Libtiff (PhotonOS-PHSA-2018-2.0-0016) (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of {'linux', 'curl', 'binutils', 'postgresql', 'libtiff'} packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-2-16 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f4921835"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-8816"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2018/02/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:postgresql"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:curl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libtiff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "binutils-2.30-1.ph2", "binutils-debuginfo-2.30-1.ph2", "binutils-devel-2.30-1.ph2", "curl-7.58.0-1.ph2", "curl-debuginfo-7.58.0-1.ph2", "curl-devel-7.58.0-1.ph2", "curl-libs-7.58.0-1.ph2", "libtiff-4.0.9-2.ph2", "libtiff-debuginfo-4.0.9-2.ph2", "libtiff-devel-4.0.9-2.ph2", "linux-4.9.80-1.ph2", "linux-api-headers-4.9.80-1.ph2", "linux-aws-4.9.80-1.ph2", "linux-aws-debuginfo-4.9.80-1.ph2", "linux-aws-devel-4.9.80-1.ph2", "linux-aws-docs-4.9.80-1.ph2", "linux-aws-drivers-gpu-4.9.80-1.ph2", "linux-aws-oprofile-4.9.80-1.ph2", "linux-aws-sound-4.9.80-1.ph2", "linux-aws-tools-4.9.80-1.ph2", "linux-debuginfo-4.9.80-1.ph2", "linux-devel-4.9.80-1.ph2", "linux-docs-4.9.80-1.ph2", "linux-drivers-gpu-4.9.80-1.ph2", "linux-esx-4.9.80-1.ph2", "linux-esx-debuginfo-4.9.80-1.ph2", "linux-esx-devel-4.9.80-1.ph2", "linux-esx-docs-4.9.80-1.ph2", "linux-oprofile-4.9.80-1.ph2", "linux-secure-4.9.80-1.ph2", "linux-secure-debuginfo-4.9.80-1.ph2", "linux-secure-devel-4.9.80-1.ph2", "linux-secure-docs-4.9.80-1.ph2", "linux-secure-lkcm-4.9.80-1.ph2", "linux-sound-4.9.80-1.ph2", "linux-tools-4.9.80-1.ph2", "postgresql-9.6.7-1.ph2", "postgresql-debuginfo-9.6.7-1.ph2", "postgresql-devel-9.6.7-1.ph2", "postgresql-libs-9.6.7-1.ph2" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux / postgresql / binutils / curl / libtiff"); }
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=22210
- http://www.securityfocus.com/bid/101203
- https://security.gentoo.org/glsa/201811-17
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=33e0a9a056bd23e923b929a4f2ab049ade0b1c32
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573