Vulnerabilities > CVE-2017-17439 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
debian
heimdal-project
CWE-476
nessus

Summary

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.

Vulnerable Configurations

Part Description Count
OS
Debian
1
Application
Heimdal_Project
122

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1364.NASL
    descriptionThis update for libheimdal fixes the following issues : - CVE-2017-17439: Remote unauthenticated attackers may have crashed the KDC (boo#1071675)
    last seen2020-06-05
    modified2017-12-14
    plugin id105244
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/105244
    titleopenSUSE Security Update : libheimdal (openSUSE-2017-1364)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-1364.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105244);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-17439");
    
      script_name(english:"openSUSE Security Update : libheimdal (openSUSE-2017-1364)");
      script_summary(english:"Check for the openSUSE-2017-1364 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libheimdal fixes the following issues :
    
      - CVE-2017-17439: Remote unauthenticated attackers may
        have crashed the KDC (boo#1071675)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071675"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libheimdal packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libheimdal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libheimdal-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libheimdal-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libheimdal-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"libheimdal-7.4.0-2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libheimdal-debuginfo-7.4.0-2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libheimdal-debugsource-7.4.0-2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"libheimdal-devel-7.4.0-2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libheimdal-7.4.0-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libheimdal-debuginfo-7.4.0-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libheimdal-debugsource-7.4.0-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libheimdal-devel-7.4.0-6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libheimdal / libheimdal-debuginfo / libheimdal-debugsource / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-876.NASL
    descriptionThis update for libheimdal to version 7.5.0 fixes the following issues : The following security vulnerability was fixed : - CVE-2017-17439: Fixed a remote denial of service vulnerability through which remote unauthenticated attackers were able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm (boo#1071675) The following other bugs were fixed : - Override the build date (boo#1047218) - Use constant hostname (boo#1084909) - Handle long input lines when reloading database dumps - In pre-forked mode, correctly clear the process ids of exited children, allowing new child processes to replace the old. - Fixed incorrect KDC response when no-cross realm TGT exists, allowing client requests to fail quickly rather than time out after trying to get a correct answer from each KDC.
    last seen2020-06-05
    modified2018-08-17
    plugin id111811
    published2018-08-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111811
    titleopenSUSE Security Update : libheimdal (openSUSE-2018-876)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-876.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111811);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-17439");
    
      script_name(english:"openSUSE Security Update : libheimdal (openSUSE-2018-876)");
      script_summary(english:"Check for the openSUSE-2018-876 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for libheimdal to version 7.5.0 fixes the following 
    issues :
    
    The following security vulnerability was fixed :
    
      - CVE-2017-17439: Fixed a remote denial of service
        vulnerability through which remote unauthenticated
        attackers were able to crash the KDC by sending a
        crafted UDP packet containing empty data fields for
        client name or realm (boo#1071675)
    
    The following other bugs were fixed :
    
      - Override the build date (boo#1047218)
    
      - Use constant hostname (boo#1084909)
    
      - Handle long input lines when reloading database dumps
    
      - In pre-forked mode, correctly clear the process ids of
        exited children, allowing new child processes to replace
        the old.
    
      - Fixed incorrect KDC response when no-cross realm TGT
        exists, allowing client requests to fail quickly rather
        than time out after trying to get a correct answer from
        each KDC."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084909"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libheimdal packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libheimdal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libheimdal-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libheimdal-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libheimdal-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"libheimdal-7.5.0-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libheimdal-debuginfo-7.5.0-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libheimdal-debugsource-7.5.0-9.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libheimdal-devel-7.5.0-9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libheimdal / libheimdal-debuginfo / libheimdal-debugsource / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4055.NASL
    descriptionMichael Eder and Thomas Kittel discovered that Heimdal, an implementation of Kerberos 5 that aims to be compatible with MIT Kerberos, did not correctly handle ASN.1 data. This would allow an unauthenticated remote attacker to cause a denial of service (crash of the KDC daemon) by sending maliciously crafted packets.
    last seen2020-06-01
    modified2020-06-02
    plugin id105087
    published2017-12-08
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105087
    titleDebian DSA-4055-1 : heimdal - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4055. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105087);
      script_version("3.5");
      script_cvs_date("Date: 2018/11/13 12:30:46");
    
      script_cve_id("CVE-2017-17439");
      script_xref(name:"DSA", value:"4055");
    
      script_name(english:"Debian DSA-4055-1 : heimdal - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Michael Eder and Thomas Kittel discovered that Heimdal, an
    implementation of Kerberos 5 that aims to be compatible with MIT
    Kerberos, did not correctly handle ASN.1 data. This would allow an
    unauthenticated remote attacker to cause a denial of service (crash of
    the KDC daemon) by sending maliciously crafted packets."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/heimdal"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/heimdal"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2017/dsa-4055"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the heimdal packages.
    
    For the stable distribution (stretch), this problem has been fixed in
    version 7.1.0+dfsg-13+deb9u2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:heimdal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"heimdal-clients", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"heimdal-dbg", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"heimdal-dev", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"heimdal-docs", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"heimdal-kcm", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"heimdal-kdc", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"heimdal-multidev", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"heimdal-servers", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libasn1-8-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libgssapi3-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libhcrypto4-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libhdb9-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libheimbase1-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libheimntlm0-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libhx509-5-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libkadm5clnt7-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libkadm5srv8-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libkafs0-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libkdc2-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libkrb5-26-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libotp0-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libroken18-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libsl0-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    if (deb_check(release:"9.0", prefix:"libwind0-heimdal", reference:"7.1.0+dfsg-13+deb9u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-F0E5AD250C.NASL
    descriptionUpdate to 7.5.0 GA release (CVE-2017-17439) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id106000
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106000
    titleFedora 27 : heimdal (2017-f0e5ad250c)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-f0e5ad250c.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106000);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-17439");
      script_xref(name:"FEDORA", value:"2017-f0e5ad250c");
    
      script_name(english:"Fedora 27 : heimdal (2017-f0e5ad250c)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 7.5.0 GA release (CVE-2017-17439)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0e5ad250c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected heimdal package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:heimdal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"heimdal-7.5.0-1.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "heimdal");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-2962E58478.NASL
    descriptionUpdate to 7.5.0 GA release (CVE-2017-17439) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-10
    plugin id105706
    published2018-01-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105706
    titleFedora 26 : heimdal (2017-2962e58478)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-2962e58478.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105706);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-17439");
      script_xref(name:"FEDORA", value:"2017-2962e58478");
    
      script_name(english:"Fedora 26 : heimdal (2017-2962e58478)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 7.5.0 GA release (CVE-2017-17439)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-2962e58478"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected heimdal package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:heimdal");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC26", reference:"heimdal-7.5.0-1.fc26")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "heimdal");
    }