Vulnerabilities > CVE-2017-6891 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
gnu
debian
apache
CWE-787
nessus

Summary

Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.

Vulnerable Configurations

Part Description Count
Application
Gnu
1
Application
Apache
1
OS
Debian
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1312.NASL
    descriptionAccording to the version of the libtasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Two errors in the
    last seen2020-05-06
    modified2019-05-01
    plugin id124439
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124439
    titleEulerOS 2.0 SP3 : libtasn1 (EulerOS-SA-2019-1312)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124439);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2017-6891"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : libtasn1 (EulerOS-SA-2019-1312)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the libtasn1 packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - Two errors in the 'asn1_find_node()' function
        (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10
        can be exploited to cause a stacked-based buffer
        overflow by tricking a user into processing a specially
        crafted assignments file via the e.g. asn1Coding
        utility.(CVE-2017-6891)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1312
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4f85b90c");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libtasn1 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtasn1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtasn1-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libtasn1-4.10-1.h2",
            "libtasn1-devel-4.10-1.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtasn1");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-950.NASL
    descriptionSecunia Research has discovered multiple vulnerabilities in GnuTLS libtasn1, which can be exploited by malicious people to compromise a vulnerable system. Two errors in the
    last seen2020-03-17
    modified2017-05-24
    plugin id100360
    published2017-05-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100360
    titleDebian DLA-950-1 : libtasn1-3 security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-950-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100360);
      script_version("3.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-6891");
    
      script_name(english:"Debian DLA-950-1 : libtasn1-3 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Secunia Research has discovered multiple vulnerabilities in GnuTLS
    libtasn1, which can be exploited by malicious people to compromise a
    vulnerable system.
    
    Two errors in the 'asn1_find_node()' function (lib/parser_aux.c) can
    be exploited to cause a stacked-based buffer overflow.
    
    Successful exploitation of the vulnerabilities allows execution of
    arbitrary code but requires tricking a user into processing a
    specially crafted assignments file by e.g. asn1Coding utility.
    
    For Debian 7 'Wheezy', this problem has been fixed in version
    2.13-2+deb7u4.
    
    We recommend that you upgrade your libtasn1-3 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/05/msg00021.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/libtasn1-3"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtasn1-3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtasn1-3-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtasn1-3-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtasn1-3-dev");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"libtasn1-3", reference:"2.13-2+deb7u4")) flag++;
    if (deb_check(release:"7.0", prefix:"libtasn1-3-bin", reference:"2.13-2+deb7u4")) flag++;
    if (deb_check(release:"7.0", prefix:"libtasn1-3-dbg", reference:"2.13-2+deb7u4")) flag++;
    if (deb_check(release:"7.0", prefix:"libtasn1-3-dev", reference:"2.13-2+deb7u4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3309-1.NASL
    descriptionJakub Jirasek discovered that GnuTLS incorrectly handled certain assignments files. If a user were tricked into processing a specially crafted assignments file, a remote attacker could possibly execute arbirary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id100633
    published2017-06-06
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100633
    titleUbuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : libtasn1-6 vulnerability (USN-3309-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3309-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100633);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/18 12:31:47");
    
      script_cve_id("CVE-2017-6891");
      script_xref(name:"USN", value:"3309-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : libtasn1-6 vulnerability (USN-3309-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Jakub Jirasek discovered that GnuTLS incorrectly handled certain
    assignments files. If a user were tricked into processing a specially
    crafted assignments file, a remote attacker could possibly execute
    arbirary code.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3309-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtasn1-6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtasn1-6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|16\.10|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 16.10 / 17.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libtasn1-6", pkgver:"3.4-3ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libtasn1-6", pkgver:"4.7-3ubuntu0.16.04.2")) flag++;
    if (ubuntu_check(osver:"16.10", pkgname:"libtasn1-6", pkgver:"4.9-4ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"17.04", pkgname:"libtasn1-6", pkgver:"4.10-1ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtasn1-6");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-5115BAF0E6.NASL
    descriptionUpdate to 4.12 (#1456190) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101634
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101634
    titleFedora 26 : libtasn1 (2017-5115baf0e6)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-5115baf0e6.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101634);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-6891");
      script_xref(name:"FEDORA", value:"2017-5115baf0e6");
    
      script_name(english:"Fedora 26 : libtasn1 (2017-5115baf0e6)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 4.12 (#1456190)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-5115baf0e6"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtasn1 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtasn1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC26", reference:"libtasn1-4.12-1.fc26")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtasn1");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-C7C3F7ED26.NASL
    descriptionUpdate to 4.12 (#1456190) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-06-06
    plugin id100627
    published2017-06-06
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100627
    titleFedora 25 : libtasn1 (2017-c7c3f7ed26)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-c7c3f7ed26.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100627);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-6891");
      script_xref(name:"FEDORA", value:"2017-c7c3f7ed26");
    
      script_name(english:"Fedora 25 : libtasn1 (2017-c7c3f7ed26)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to 4.12 (#1456190)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-c7c3f7ed26"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libtasn1 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libtasn1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC25", reference:"libtasn1-4.12-1.fc25")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtasn1");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201710-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201710-11 (GNU Libtasn1: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GNU Libtasn1. Please review the referenced CVE identifiers for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id103846
    published2017-10-16
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/103846
    titleGLSA-201710-11 : GNU Libtasn1: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201710-11.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103846);
      script_version("$Revision: 3.2 $");
      script_cvs_date("$Date: 2018/01/26 17:15:58 $");
    
      script_cve_id("CVE-2017-10790", "CVE-2017-6891");
      script_xref(name:"GLSA", value:"201710-11");
    
      script_name(english:"GLSA-201710-11 : GNU Libtasn1: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201710-11
    (GNU Libtasn1: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in GNU Libtasn1. Please
          review the referenced CVE identifiers for details.
      
    Impact :
    
        A remote attacker could possibly execute arbitrary code with the
          privileges of the process, cause a Denial of Service condition, or have
          other unspecified impacts.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201710-11"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All GNU Libtasn1 users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-libs/libtasn1-4.12-r1'
        Packages which depend on this library may need to be recompiled. Tools
          such as revdep-rebuild may assist in identifying some of these packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libtasn1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-libs/libtasn1", unaffected:make_list("ge 4.12-r1"), vulnerable:make_list("lt 4.12-r1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GNU Libtasn1");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1311.NASL
    descriptionAccording to the version of the libtasn1 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Two errors in the
    last seen2020-05-06
    modified2019-05-01
    plugin id124438
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124438
    titleEulerOS 2.0 SP2 : libtasn1 (EulerOS-SA-2019-1311)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124438);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2017-6891"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : libtasn1 (EulerOS-SA-2019-1311)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the libtasn1 packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - Two errors in the 'asn1_find_node()' function
        (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10
        can be exploited to cause a stacked-based buffer
        overflow by tricking a user into processing a specially
        crafted assignments file via the e.g. asn1Coding
        utility.(CVE-2017-6891)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1311
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?241175f7");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libtasn1 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtasn1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtasn1-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libtasn1-4.10-1.h2",
            "libtasn1-devel-4.10-1.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtasn1");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3861.NASL
    descriptionJakub Jirasek of Secunia Research discovered that libtasn1, a library used to handle Abstract Syntax Notation One structures, did not properly validate its input. This would allow an attacker to cause a crash by denial-of-service, or potentially execute arbitrary code, by tricking a user into processing a maliciously crafted assignments file.
    last seen2020-06-01
    modified2020-06-02
    plugin id100392
    published2017-05-25
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100392
    titleDebian DSA-3861-1 : libtasn1-6 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3861. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100392);
      script_version("3.8");
      script_cvs_date("Date: 2018/11/10 11:49:38");
    
      script_cve_id("CVE-2017-6891");
      script_xref(name:"DSA", value:"3861");
    
      script_name(english:"Debian DSA-3861-1 : libtasn1-6 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Jakub Jirasek of Secunia Research discovered that libtasn1, a library
    used to handle Abstract Syntax Notation One structures, did not
    properly validate its input. This would allow an attacker to cause a
    crash by denial-of-service, or potentially execute arbitrary code, by
    tricking a user into processing a maliciously crafted assignments
    file."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/libtasn1-6"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2017/dsa-3861"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libtasn1-6 packages.
    
    For the stable distribution (jessie), this problem has been fixed in
    version 4.2-3+deb8u3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtasn1-6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"libtasn1-3-bin", reference:"4.2-3+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libtasn1-6", reference:"4.2-3+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libtasn1-6-dbg", reference:"4.2-3+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libtasn1-6-dev", reference:"4.2-3+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libtasn1-bin", reference:"4.2-3+deb8u3")) flag++;
    if (deb_check(release:"8.0", prefix:"libtasn1-doc", reference:"4.2-3+deb8u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1886-1.NASL
    descriptionThis update for gnutls fixes the following issues : - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write in OpenPGP certificate decoding was fixed (bsc#1034173) - CVE-2017-6891: A potential stack-based buffer overflow in the bundled libtasn1 was fixed (bsc#1040621) - An address read of 4 bytes past the end of buffer in OpenPGP certificate parsing was fixed (bsc#1038337) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101768
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101768
    titleSUSE SLES11 Security Update : gnutls (SUSE-SU-2017:1886-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:1886-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101768);
      script_version("1.7");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2017-6891", "CVE-2017-7869");
    
      script_name(english:"SUSE SLES11 Security Update : gnutls (SUSE-SU-2017:1886-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for gnutls fixes the following issues :
    
      - GNUTLS-SA-2017-3 / CVE-2017-7869: An out-of-bounds write
        in OpenPGP certificate decoding was fixed (bsc#1034173)
    
      - CVE-2017-6891: A potential stack-based buffer overflow
        in the bundled libtasn1 was fixed (bsc#1040621)
    
      - An address read of 4 bytes past the end of buffer in
        OpenPGP certificate parsing was fixed (bsc#1038337)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038337"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6891/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7869/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20171886-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bbc63be8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-gnutls-13212=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-gnutls-13212=1
    
    SUSE Linux Enterprise High Availability Extension 11-SP4:zypper in -t
    patch slehasp4-gnutls-13212=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-gnutls-13212=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls-extra26");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls26");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libgnutls26-32bit-2.4.1-24.39.70.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libgnutls26-32bit-2.4.1-24.39.70.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"gnutls-2.4.1-24.39.70.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"libgnutls-extra26-2.4.1-24.39.70.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"libgnutls26-2.4.1-24.39.70.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1335.NASL
    descriptionAccording to the version of the libtasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Two errors in the
    last seen2020-03-19
    modified2018-10-26
    plugin id118423
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118423
    titleEulerOS Virtualization 2.5.1 : libtasn1 (EulerOS-SA-2018-1335)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1379-1.NASL
    descriptionThis update for libtasn1 fixes the following issues : Security issues fixed : CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125592
    published2019-05-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125592
    titleSUSE SLED12 / SLES12 Security Update : libtasn1 (SUSE-SU-2019:1379-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1162.NASL
    descriptionAccording to the version of the libtasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Two errors in the
    last seen2020-03-19
    modified2019-04-09
    plugin id123848
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123848
    titleEulerOS Virtualization 2.5.3 : libtasn1 (EulerOS-SA-2019-1162)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-D5CF1A55CE.NASL
    descriptionNoteworthy changes in release 4.11 (released 2017-05-27) [stable] - Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields. - Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode. That is introduced in order to allow toleration of invalid times in X.509 certificates (which are common) even though strict DER adherence is enforced in other fields. - Added safety check in asn1_find_node(). That prevents a crash when a very long variable name is provided by the developer. Note that this to be exploited requires controlling the ASN.1 definitions used by the developer, i.e., the
    last seen2020-06-05
    modified2017-07-17
    plugin id101725
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101725
    titleFedora 26 : mingw-libtasn1 (2017-d5cf1a55ce)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1334.NASL
    descriptionAccording to the version of the libtasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Two errors in the
    last seen2020-03-19
    modified2018-10-26
    plugin id118422
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118422
    titleEulerOS Virtualization 2.5.0 : libtasn1 (EulerOS-SA-2018-1334)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1082.NASL
    descriptionAccording to the version of the libtasn1 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Two errors in the
    last seen2020-06-01
    modified2020-06-02
    plugin id122704
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122704
    titleEulerOS Virtualization 2.5.2 : libtasn1 (EulerOS-SA-2019-1082)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1510.NASL
    descriptionThis update for libtasn1 fixes the following issues : Security issues fixed : - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). - CVE-2017-6891: Fixed a stack overflow in asn1_find_node() (bsc#1040621). This update was imported from the SUSE:SLE-12-SP3:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id125757
    published2019-06-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125757
    titleopenSUSE Security Update : libtasn1 (openSUSE-2019-1510)

References