Vulnerabilities > CVE-2017-5042 - Missing Encryption of Sensitive Data vulnerability in multiple products
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Interception An attacker monitors data streams to or from a target in order to gather information. This attack may be undertaken to gather information to support a later attack or the data collected may be the end goal of the attack. This attack usually involves sniffing network traffic, but may include observing other types of data streams, such as radio. In most varieties of this attack, the attacker is passive and simply observes regular communication, however in some variants the attacker may attempt to initiate the establishment of a data stream or influence the nature of the data transmitted. However, in all variants of this attack, and distinguishing this attack from other data collection methods, the attacker is not the intended recipient of the data stream. Unlike some other data leakage attacks, the attacker is observing explicit data channels (e.g. network traffic) and reading the content. This differs from attacks that collect more qualitative information, such as communication volume, or other information not explicitly communicated via a data stream.
- Screen Temporary Files for Sensitive Information An attacker exploits the temporary, insecure storage of information by monitoring the content of files used to store temp data during an application's routine execution flow. Many applications use temporary files to accelerate processing or to provide records of state across multiple executions of the application. Sometimes, however, these temporary files may end up storing sensitive information. By screening an application's temporary files, an attacker might be able to discover such sensitive information. For example, web browsers often cache content to accelerate subsequent lookups. If the content contains sensitive information then the attacker could recover this from the web cache.
- Sniffing Attacks An attacker monitors information transmitted between logical or physical nodes of a network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. Any transmission medium can theoretically be sniffed if the attacker can listen to the contents between the sender and recipient.
- Sniffing Network Traffic An attacker monitoring network traffic between nodes of a public or multicast network. The attacker need not be able to prevent reception or change content but must simply be able to observe and read the traffic. The attacker might precipitate or indirectly influence the content of the observed transaction, but the attacker is never the intended recipient of the information. This differs from other sniffing attacks in that it is over a public network rather via some other communications channel, such as radio.
- Lifting Sensitive Data from the Client An attacker examines an available client application for the presence of sensitive information. This information may be stored in configuration files, embedded within the application itself, or stored in other ways. Sensitive information may include long-term keys, passwords, credit card or financial information, and other private material that the client uses in its interactions with the server. While servers are (hopefully) protected with professional security administrators, most users may be less skilled at protecting their clients. As a result, the user client may represent a weak link that an attacker can exploit. If an attacker can gain access to a client installation, they may be able to detect and lift sensitive information that could be used directly (such as financial information), or allow the attacker to subvert future communication between the client and the server. In some cases, it may not even be necessary to gain access to another user's installation - if all instances of the client software are embedded with the same sensitive information (for example, long term keys for communication with the server) then the attacker must simply find a way to gain their own copy of the client in order to perform this attack.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201704-02.NASL description The remote host is affected by the vulnerability described in GLSA-201704-02 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 99275 published 2017-04-11 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99275 title GLSA-201704-02 : Chromium: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201704-02. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(99275); script_version("3.9"); script_cvs_date("Date: 2019/12/06"); script_cve_id("CVE-2017-5030", "CVE-2017-5031", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5035", "CVE-2017-5036", "CVE-2017-5037", "CVE-2017-5038", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5041", "CVE-2017-5042", "CVE-2017-5043", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046", "CVE-2017-5052", "CVE-2017-5053", "CVE-2017-5054", "CVE-2017-5055", "CVE-2017-5056"); script_xref(name:"GLSA", value:"201704-02"); script_name(english:"GLSA-201704-02 : Chromium: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201704-02 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Chromium web browser. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201704-02" ); script_set_attribute( attribute:"solution", value: "All Chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/chromium-57.0.2987.133'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:chromium"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/chromium", unaffected:make_list("ge 57.0.2987.133"), vulnerable:make_list("lt 57.0.2987.133"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Chromium"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-353.NASL description Chromium was updated to 57.0.2987.98 to fix security issues and bugs. The following vulnerabilities were fixed (bsc#1028848) : - CVE-2017-5030: Memory corruption in V8 - CVE-2017-5031: Use after free in ANGLE - CVE-2017-5032: Out of bounds write in PDFium - CVE-2017-5029: Integer overflow in libxslt - CVE-2017-5034: Use after free in PDFium - CVE-2017-5035: Incorrect security UI in Omnibox - CVE-2017-5036: Use after free in PDFium - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer - CVE-2017-5039: Use after free in PDFium - CVE-2017-5040: Information disclosure in V8 - CVE-2017-5041: Address spoofing in Omnibox - CVE-2017-5033: Bypass of Content Security Policy in Blink - CVE-2017-5042: Incorrect handling of cookies in Cast - CVE-2017-5038: Use after free in GuestView - CVE-2017-5043: Use after free in GuestView - CVE-2017-5044: Heap overflow in Skia - CVE-2017-5045: Information disclosure in XSS Auditor - CVE-2017-5046: Information disclosure in Blink The following non-security changes are included : - Address broken rendering on non-intel cards last seen 2020-06-05 modified 2017-03-20 plugin id 97817 published 2017-03-20 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97817 title openSUSE Security Update : Chromium (openSUSE-2017-353) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-353. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(97817); script_version("3.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-5029", "CVE-2017-5030", "CVE-2017-5031", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5035", "CVE-2017-5036", "CVE-2017-5037", "CVE-2017-5038", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5041", "CVE-2017-5042", "CVE-2017-5043", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046"); script_name(english:"openSUSE Security Update : Chromium (openSUSE-2017-353)"); script_summary(english:"Check for the openSUSE-2017-353 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Chromium was updated to 57.0.2987.98 to fix security issues and bugs. The following vulnerabilities were fixed (bsc#1028848) : - CVE-2017-5030: Memory corruption in V8 - CVE-2017-5031: Use after free in ANGLE - CVE-2017-5032: Out of bounds write in PDFium - CVE-2017-5029: Integer overflow in libxslt - CVE-2017-5034: Use after free in PDFium - CVE-2017-5035: Incorrect security UI in Omnibox - CVE-2017-5036: Use after free in PDFium - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer - CVE-2017-5039: Use after free in PDFium - CVE-2017-5040: Information disclosure in V8 - CVE-2017-5041: Address spoofing in Omnibox - CVE-2017-5033: Bypass of Content Security Policy in Blink - CVE-2017-5042: Incorrect handling of cookies in Cast - CVE-2017-5038: Use after free in GuestView - CVE-2017-5043: Use after free in GuestView - CVE-2017-5044: Heap overflow in Skia - CVE-2017-5045: Information disclosure in XSS Auditor - CVE-2017-5046: Information disclosure in Blink The following non-security changes are included : - Address broken rendering on non-intel cards" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1028848" ); script_set_attribute( attribute:"solution", value:"Update the affected Chromium packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1 / 42.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.1", reference:"chromedriver-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"chromedriver-debuginfo-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"chromium-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"chromium-debuginfo-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.1", reference:"chromium-debugsource-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromedriver-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromedriver-debuginfo-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromium-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromium-debuginfo-57.0.2987.98-105.2") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"chromium-debugsource-57.0.2987.98-105.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromedriver / chromedriver-debuginfo / chromium / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-0499.NASL description An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 57.0.2987.98. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5039, CVE-2017-5033, CVE-2017-5038, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046) last seen 2020-05-31 modified 2017-03-14 plugin id 97718 published 2017-03-14 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97718 title RHEL 6 : chromium-browser (RHSA-2017:0499) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2017:0499. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(97718); script_version("3.16"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/29"); script_cve_id("CVE-2017-5029", "CVE-2017-5030", "CVE-2017-5031", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5035", "CVE-2017-5036", "CVE-2017-5037", "CVE-2017-5038", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5041", "CVE-2017-5042", "CVE-2017-5043", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046"); script_xref(name:"RHSA", value:"2017:0499"); script_name(english:"RHEL 6 : chromium-browser (RHSA-2017:0499)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Chromium is an open source web browser, powered by WebKit (Blink). This update upgrades Chromium to version 57.0.2987.98. Security Fix(es) : * Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2017-5029, CVE-2017-5030, CVE-2017-5031, CVE-2017-5032, CVE-2017-5034, CVE-2017-5035, CVE-2017-5036, CVE-2017-5037, CVE-2017-5039, CVE-2017-5033, CVE-2017-5038, CVE-2017-5040, CVE-2017-5041, CVE-2017-5042, CVE-2017-5043, CVE-2017-5044, CVE-2017-5045, CVE-2017-5046)" ); script_set_attribute( attribute:"see_also", value:"https://chromereleases.googleblog.com/2017/03/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:0499" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5029" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5030" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5031" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5032" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5033" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5034" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5035" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5036" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5037" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5038" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5039" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5040" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5041" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5042" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5043" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5044" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5045" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-5046" ); script_set_attribute( attribute:"solution", value: "Update the affected chromium-browser and / or chromium-browser-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:chromium-browser-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2017:0499"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"chromium-browser-57.0.2987.98-1.el6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"chromium-browser-57.0.2987.98-1.el6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"chromium-browser-debuginfo-57.0.2987.98-1.el6", allowmaj:TRUE)) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"chromium-browser-debuginfo-57.0.2987.98-1.el6", allowmaj:TRUE)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium-browser / chromium-browser-debuginfo"); } }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A505D397075811E78D8BE8E0B747A45A.NASL description Google Chrome Releases reports : 36 security fixes in this release Please reference CVE/URL list for details last seen 2020-06-01 modified 2020-06-02 plugin id 97689 published 2017-03-13 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97689 title FreeBSD : chromium -- multiple vulnerabilities (a505d397-0758-11e7-8d8b-e8e0b747a45a) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2019 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(97689); script_version("3.9"); script_cvs_date("Date: 2019/12/06"); script_cve_id("CVE-2017-5029", "CVE-2017-5030", "CVE-2017-5031", "CVE-2017-5032", "CVE-2017-5033", "CVE-2017-5034", "CVE-2017-5035", "CVE-2017-5036", "CVE-2017-5037", "CVE-2017-5038", "CVE-2017-5039", "CVE-2017-5040", "CVE-2017-5041", "CVE-2017-5042", "CVE-2017-5043", "CVE-2017-5044", "CVE-2017-5045", "CVE-2017-5046"); script_name(english:"FreeBSD : chromium -- multiple vulnerabilities (a505d397-0758-11e7-8d8b-e8e0b747a45a)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Google Chrome Releases reports : 36 security fixes in this release Please reference CVE/URL list for details" ); # https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0d061769" ); # https://vuxml.freebsd.org/freebsd/a505d397-0758-11e7-8d8b-e8e0b747a45a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?86b96e4a" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium-npapi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:chromium-pulse"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/09"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"chromium<57.0.2987.98")) flag++; if (pkg_test(save_report:TRUE, pkg:"chromium-npapi<57.0.2987.98")) flag++; if (pkg_test(save_report:TRUE, pkg:"chromium-pulse<57.0.2987.98")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3810.NASL description Several vulnerabilities have been discovered in the chromium web browser. - CVE-2017-5029 Holger Fuhrmannek discovered an integer overflow issue in the libxslt library. - CVE-2017-5030 Brendon Tiszka discovered a memory corruption issue in the v8 JavaScript library. - CVE-2017-5031 Looben Yang discovered a use-after-free issue in the ANGLE library. - CVE-2017-5032 Ashfaq Ansari discovered an out-of-bounds write in the pdfium library. - CVE-2017-5033 Nicolai Grodum discovered a way to bypass the Content Security Policy. - CVE-2017-5034 Ke Liu discovered an integer overflow issue in the pdfium library. - CVE-2017-5035 Enzo Aguado discovered an issue with the omnibox. - CVE-2017-5036 A use-after-free issue was discovered in the pdfium library. - CVE-2017-5037 Yongke Wang discovered multiple out-of-bounds write issues. - CVE-2017-5038 A use-after-free issue was discovered in the guest view. - CVE-2017-5039 jinmo123 discovered a use-after-free issue in the pdfium library. - CVE-2017-5040 Choongwoo Han discovered an information disclosure issue in the v8 JavaScript library. - CVE-2017-5041 Jordi Chancel discovered an address spoofing issue. - CVE-2017-5042 Mike Ruddy discovered incorrect handling of cookies. - CVE-2017-5043 Another use-after-free issue was discovered in the guest view. - CVE-2017-5044 Kushal Arvind Shah discovered a heap overflow issue in the skia library. - CVE-2017-5045 Dhaval Kapil discovered an information disclosure issue. - CVE-2017-5046 Masato Kinugawa discovered an information disclosure issue. last seen 2020-06-01 modified 2020-06-02 plugin id 97783 published 2017-03-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97783 title Debian DSA-3810-1 : chromium-browser - security update NASL family MacOS X Local Security Checks NASL id MACOSX_GOOGLE_CHROME_57_0_2987_98.NASL description The version of Google Chrome installed on the remote macOS or Mac OS X host is prior to 57.0.2987.98. It is, therefore, affected by the following vulnerabilities : - An integer overflow condition condition exists in libxslt in the xsltAddTextString() function in transform.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds write error, resulting in the execution of arbitrary code. (CVE-2017-5029) - A flaw exists in Google V8 in the ArrayConcatVisitor class in builtins-array.cc due to improper handling of JSProxy species. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2017-5030) - A use-after-free error exists in the ANGLE component due to improper handling of buffer storage operations. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5031) - An overflow condition exists in Google PDFium in the GetTextRunInfo() function in pdfium_page.cc that is triggered when processing text runs. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file, to execute arbitrary code. (CVE-2017-5032) - A security bypass vulnerability exists in the initContentSecurityPolicy() function in Document.cpp due to local schemes not inheriting the content security policy. An unauthenticated, remote attacker can exploit this to bypass the content security policy. (CVE-2017-5033) - A flaw exists in the OpenJPEG component in the m_mct_records() function in j2k.c due to improper handling of specially crafted JPEG2000 files. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-5034) - An unspecified flaw exists in the RendererDidNavigateToExistingPage() function in navigation_controller_impl.cc that occurs when handling data from the renderer process. An unauthenticated, remote attacker can exploit this to have an unspecified impact on the security UI. (CVE-2017-5035) - A use-after-free error exists in Google PDFium in the Document class in Document.h due to improper handling of last seen 2020-06-01 modified 2020-06-02 plugin id 97725 published 2017-03-14 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97725 title Google Chrome < 57.0.2987.98 Multiple Vulnerabilities (macOS) NASL family Windows NASL id GOOGLE_CHROME_57_0_2987_98.NASL description The version of Google Chrome installed on the remote Windows host is prior to 57.0.2987.98. It is, therefore, affected by the following vulnerabilities : - An integer overflow condition condition exists in libxslt in the xsltAddTextString() function in transform.c due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause an out-of-bounds write error, resulting in the execution of arbitrary code. (CVE-2017-5029) - A flaw exists in Google V8 in the ArrayConcatVisitor class in builtins-array.cc due to improper handling of JSProxy species. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2017-5030) - A use-after-free error exists in the ANGLE component due to improper handling of buffer storage operations. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-5031) - An overflow condition exists in Google PDFium in the GetTextRunInfo() function in pdfium_page.cc that is triggered when processing text runs. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file, to execute arbitrary code. (CVE-2017-5032) - A security bypass vulnerability exists in the initContentSecurityPolicy() function in Document.cpp due to local schemes not inheriting the content security policy. An unauthenticated, remote attacker can exploit this to bypass the content security policy. (CVE-2017-5033) - A flaw exists in the OpenJPEG component in the m_mct_records() function in j2k.c due to improper handling of specially crafted JPEG2000 files. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2017-5034) - An unspecified flaw exists in the RendererDidNavigateToExistingPage() function in navigation_controller_impl.cc that occurs when handling data from the renderer process. An unauthenticated, remote attacker can exploit this to have an unspecified impact on the security UI. (CVE-2017-5035) - A use-after-free error exists in Google PDFium in the Document class in Document.h due to improper handling of last seen 2020-06-01 modified 2020-06-02 plugin id 97724 published 2017-03-14 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97724 title Google Chrome < 57.0.2987.98 Multiple Vulnerabilities
Redhat
advisories |
| ||||
rpms |
|
References
- http://rhn.redhat.com/errata/RHSA-2017-0499.html
- http://rhn.redhat.com/errata/RHSA-2017-0499.html
- http://www.debian.org/security/2017/dsa-3810
- http://www.debian.org/security/2017/dsa-3810
- http://www.securityfocus.com/bid/96767
- http://www.securityfocus.com/bid/96767
- https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop.html
- https://crbug.com/671932
- https://crbug.com/671932
- https://security.gentoo.org/glsa/201704-02
- https://security.gentoo.org/glsa/201704-02