Vulnerabilities > CVE-2018-18313 - Out-of-bounds Read vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2018-CA03363D57.NASL description Security fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and CVE-2018-18314 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120786 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120786 title Fedora 28 : 4:perl (2018-ca03363d57) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-ca03363d57. # include("compat.inc"); if (description) { script_id(120786); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314"); script_xref(name:"FEDORA", value:"2018-ca03363d57"); script_name(english:"Fedora 28 : 4:perl (2018-ca03363d57)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and CVE-2018-18314 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-ca03363d57" ); script_set_attribute( attribute:"solution", value:"Update the affected 4:perl package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:4:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"perl-5.26.3-415.fc28", epoch:"4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "4:perl"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3834-1.NASL description Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313) Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-13 modified 2018-12-04 plugin id 119337 published 2018-12-04 reporter Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119337 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : perl vulnerabilities (USN-3834-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3834-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(119337); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/19"); script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314"); script_xref(name:"USN", value:"3834-1"); script_xref(name:"IAVA", value:"2018-A-0407-S"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : perl vulnerabilities (USN-3834-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-18311) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312) Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313) Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3834-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected perl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|18\.04|18\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 18.04 / 18.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"perl", pkgver:"5.18.2-2ubuntu1.7")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"perl", pkgver:"5.22.1-9ubuntu0.6")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"perl", pkgver:"5.26.1-6ubuntu0.3")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"perl", pkgver:"5.26.2-7ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201909-01.NASL description The remote host is affected by the vulnerability described in GLSA-201909-01 (Perl: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 128590 published 2019-09-09 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128590 title GLSA-201909-01 : Perl: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201909-01. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(128590); script_version("1.2"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314", "CVE-2018-6797", "CVE-2018-6798", "CVE-2018-6913"); script_xref(name:"GLSA", value:"201909-01"); script_name(english:"GLSA-201909-01 : Perl: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201909-01 (Perl: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201909-01" ); script_set_attribute( attribute:"solution", value: "All Perl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/perl-5.28.2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/17"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/09"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/perl", unaffected:make_list("ge 5.28.2"), vulnerable:make_list("lt 5.28.2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1029.NASL description This update for perl fixes the following issues : Secuirty issues fixed : - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123159 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123159 title openSUSE Security Update : perl (openSUSE-2019-1029) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1029. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(123159); script_version("1.2"); script_cvs_date("Date: 2020/01/31"); script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314"); script_name(english:"openSUSE Security Update : perl (openSUSE-2019-1029)"); script_summary(english:"Check for the openSUSE-2019-1029 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for perl fixes the following issues : Secuirty issues fixed : - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114674" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114681" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114686" ); script_set_attribute(attribute:"solution", value:"Update the affected perl packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"perl-5.26.1-lp150.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"perl-base-5.26.1-lp150.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"perl-base-debuginfo-5.26.1-lp150.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"perl-debuginfo-5.26.1-lp150.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"perl-debugsource-5.26.1-lp150.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-32bit-5.26.1-lp150.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-32bit-debuginfo-5.26.1-lp150.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-base-32bit-5.26.1-lp150.6.6.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"perl-base-32bit-debuginfo-5.26.1-lp150.6.6.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-32bit / perl-32bit-debuginfo / perl / perl-base-32bit / etc"); }
NASL family MacOS X Local Security Checks NASL id MACOS_10_14_4.NASL description The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.4. It is, therefore, affected by multiple vulnerabilities, including: - Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges. (CVE-2019-8508) - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8549) last seen 2020-06-01 modified 2020-06-02 plugin id 123128 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123128 title macOS 10.14.x < 10.14.4 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(123128); script_version("1.7"); script_cvs_date("Date: 2020/01/31"); script_cve_id( "CVE-2018-12015", "CVE-2018-18311", "CVE-2018-18313", "CVE-2019-6207", "CVE-2019-6237", "CVE-2019-6239", "CVE-2019-7293", "CVE-2019-8502", "CVE-2019-8504", "CVE-2019-8507", "CVE-2019-8508", "CVE-2019-8510", "CVE-2019-8511", "CVE-2019-8513", "CVE-2019-8514", "CVE-2019-8516", "CVE-2019-8517", "CVE-2019-8519", "CVE-2019-8520", "CVE-2019-8521", "CVE-2019-8522", "CVE-2019-8526", "CVE-2019-8527", "CVE-2019-8529", "CVE-2019-8530", "CVE-2019-8533", "CVE-2019-8537", "CVE-2019-8540", "CVE-2019-8542", "CVE-2019-8545", "CVE-2019-8546", "CVE-2019-8549", "CVE-2019-8550", "CVE-2019-8552", "CVE-2019-8555", "CVE-2019-8561", "CVE-2019-8565" ); script_bugtraq_id(104423, 106072, 106145); script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-3-25-2"); script_name(english:"macOS 10.14.x < 10.14.4 Multiple Vulnerabilities"); script_summary(english:"Checks the version of Mac OS X / macOS."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a macOS update that fixes multiple security vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.4. It is, therefore, affected by multiple vulnerabilities, including: - Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges. (CVE-2019-8508) - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A malicious application may be able to execute arbitrary code with system privileges (CVE-2019-8549)"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209600"); # https://lists.apple.com/archives/security-announce/2019/Mar/msg00001.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71533e9d"); script_set_attribute(attribute:"solution", value: "Upgrade to macOS version 10.14.4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8527"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X Feedback Assistant Race Condition'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_ports("Host/MacOSX/Version", "Host/OS"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); fix = "10.14.4"; minver = "10.14"; os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "macOS / Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "macOS / Mac OS X"); matches = pregmatch(pattern:"Mac OS X ([0-9]+(\.[0-9]+)+)", string:os); if (empty_or_null(matches)) exit(1, "Failed to parse the macOS / Mac OS X version ('" + os + "')."); version = matches[1]; if (ver_compare(ver:version, minver:minver, fix:fix, strict:FALSE) == -1) { security_report_v4( port:0, severity:SECURITY_HOLE, extra: '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n' ); } else audit(AUDIT_INST_VER_NOT_VULN, "macOS / Mac OS X", version);
NASL family MacOS X Local Security Checks NASL id MACOS_SECUPD_10_13_6_2019-002.NASL description The remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A local user may be able to read kernel memory. (CVE-2019-8504) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi last seen 2020-03-18 modified 2019-03-27 plugin id 123130 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123130 title macOS 10.13.6 Multiple Vulnerabilities (Security Update 2019-002) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(123130); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13"); script_cve_id( "CVE-2018-12015", "CVE-2018-18311", "CVE-2018-18313", "CVE-2019-6207", "CVE-2019-8504", "CVE-2019-8510", "CVE-2019-8513", "CVE-2019-8520", "CVE-2019-8521", "CVE-2019-8522", "CVE-2019-8526", "CVE-2019-8527", "CVE-2019-8529", "CVE-2019-8555", "CVE-2019-8561", "CVE-2019-8564" ); script_bugtraq_id(104423, 106072, 106145); script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-3-25-2"); script_name(english:"macOS 10.13.6 Multiple Vulnerabilities (Security Update 2019-002)"); script_summary(english:"Checks for the presence of Security Update 2019-002 (APPLE-SA-2019-3-25-2)"); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a macOS security update that fixes multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running macOS 10.13.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - An application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8529) - A local user may be able to read kernel memory. (CVE-2019-8504) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209600"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209635"); # https://lists.apple.com/archives/security-announce/2019/Mar/msg00001.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71533e9d"); script_set_attribute(attribute:"solution", value: "Install Security Update 2019-002 or later for 10.13.6."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8527"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms"); exit(0); } include('lists.inc'); include('vcf.inc'); include('vcf_extras_apple.inc'); app_info = vcf::apple::macos::get_app_info(); constraints = [ { 'min_version' : '10.13', 'max_version' : '10.13.6', 'fixed_build': '17G6029', 'fixed_display' : '10.13.6 Security Update 2019-002' } ]; vcf::apple::macos::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
NASL family MacOS X Local Security Checks NASL id MACOS_SECUPD_10_12_6_2019-002.NASL description The remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8555) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - A malicious application may be able to read restricted memory. (CVE-2019-8520) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi last seen 2020-06-01 modified 2020-06-02 plugin id 123129 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123129 title macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-002) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(123129); script_version("1.8"); script_cvs_date("Date: 2020/01/31"); script_cve_id( "CVE-2018-12015", "CVE-2018-18311", "CVE-2018-18313", "CVE-2019-6207", "CVE-2019-8508", "CVE-2019-8510", "CVE-2019-8513", "CVE-2019-8520", "CVE-2019-8521", "CVE-2019-8522", "CVE-2019-8526", "CVE-2019-8527", "CVE-2019-8530", "CVE-2019-8540", "CVE-2019-8555", "CVE-2019-8561", "CVE-2019-8564" ); script_bugtraq_id(104423, 106072, 106145); script_xref(name:"APPLE-SA", value:"APPLE-SA-2019-3-25-2"); script_name(english:"macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-002)"); script_summary(english:"Checks for the presence of Security Update 2019-002."); script_set_attribute(attribute:"synopsis", value: "The remote host is missing a macOS or Mac OS X security update that fixes multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host is running Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities including: - A malicious application may be able to execute arbitrary code with kernel privileges. (CVE-2019-8555) - A malicious application may be able to determine kernel memory layout. (CVE-2019-6207, CVE-2019-8510) - A malicious application may be able to read restricted memory. (CVE-2019-8520) - 802.1X - DiskArbitration - Feedback Assistant - IOKit - IOKit SCSI - Kernel - PackageKit - Perl - Security - Time Machine - Wi-Fi"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209600"); script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT209635"); # https://lists.apple.com/archives/security-announce/2019/Mar/msg00001.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71533e9d"); script_set_attribute(attribute:"solution", value: "Install Security Update 2019-002 or later for 10.12.x."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8527"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Mac OS X TimeMachine (tmdiagnose) Command Injection Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/25"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:macos"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "Host/MacOSX/packages/boms"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); # Compare 2 patch numbers to determine if patch requirements are satisfied. # Return true if this patch or a later patch is applied # Return false otherwise function check_patch(year, number) { local_var p_split = split(patch, sep:"-"); local_var p_year = int( p_split[0]); local_var p_num = int( p_split[1]); if (year > p_year) return TRUE; else if (year < p_year) return FALSE; else if (number >= p_num) return TRUE; else return FALSE; } get_kb_item_or_exit("Host/local_checks_enabled"); os = get_kb_item_or_exit("Host/MacOSX/Version"); if (!preg(pattern:"Mac OS X 10\.12\.6([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X 10.12.6"); patch = "2019-002"; packages = get_kb_item_or_exit("Host/MacOSX/packages/boms", exit_code:1); sec_boms_report = pgrep( pattern:"^com\.apple\.pkg\.update\.(security\.|os\.SecUpd).*bom$", string:packages ); sec_boms = split(sec_boms_report, sep:'\n'); foreach package (sec_boms) { # Grab patch year and number matches = pregmatch(pattern:"[^0-9](20[0-9][0-9])[-.]([0-9]{3})[^0-9]", string:package); if (empty_or_null(matches)) continue; if (empty_or_null(matches[1]) || empty_or_null(matches[2])) continue; patch_found = check_patch(year:int(matches[1]), number:int(matches[2])); if (patch_found) exit(0, "The host has Security Update " + patch + " or later installed and is therefore not affected."); } report = '\n Missing security update : ' + patch; report += '\n Installed security BOMs : '; if (sec_boms_report) report += str_replace(find:'\n', replace:'\n ', string:sec_boms_report); else report += 'n/a'; report += '\n'; security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4347.NASL description Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflow with attacker-controlled input. - CVE-2018-18312 Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow write during compilation, potentially allowing arbitrary code execution. - CVE-2018-18313 Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow read during compilation which leads to information leak. - CVE-2018-18314 Jakub Wilk discovered that a specially crafted regular expression could lead to a heap-based buffer overflow. last seen 2020-06-01 modified 2020-06-02 plugin id 119290 published 2018-11-30 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119290 title Debian DSA-4347-1 : perl - security update code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-4347. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(119290); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/19"); script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314"); script_xref(name:"DSA", value:"4347"); script_xref(name:"IAVA", value:"2018-A-0407-S"); script_name(english:"Debian DSA-4347-1 : perl - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-18311 Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflow with attacker-controlled input. - CVE-2018-18312 Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow write during compilation, potentially allowing arbitrary code execution. - CVE-2018-18313 Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow read during compilation which leads to information leak. - CVE-2018-18314 Jakub Wilk discovered that a specially crafted regular expression could lead to a heap-based buffer overflow." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-18311" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-18312" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-18313" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-18314" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/perl" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/stretch/perl" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2018/dsa-4347" ); script_set_attribute( attribute:"solution", value: "Upgrade the perl packages. For the stable distribution (stretch), these problems have been fixed in version 5.24.1-3+deb9u5." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"9.0", prefix:"libperl-dev", reference:"5.24.1-3+deb9u5")) flag++; if (deb_check(release:"9.0", prefix:"libperl5.24", reference:"5.24.1-3+deb9u5")) flag++; if (deb_check(release:"9.0", prefix:"perl", reference:"5.24.1-3+deb9u5")) flag++; if (deb_check(release:"9.0", prefix:"perl-base", reference:"5.24.1-3+deb9u5")) flag++; if (deb_check(release:"9.0", prefix:"perl-debug", reference:"5.24.1-3+deb9u5")) flag++; if (deb_check(release:"9.0", prefix:"perl-doc", reference:"5.24.1-3+deb9u5")) flag++; if (deb_check(release:"9.0", prefix:"perl-modules-5.24", reference:"5.24.1-3+deb9u5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-4187-1.NASL description This update for perl fixes the following issues : Secuirty issues fixed : CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-18 modified 2019-01-02 plugin id 120189 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120189 title SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2018:4187-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2018:4187-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(120189); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16"); script_cve_id("CVE-2018-18311", "CVE-2018-18312", "CVE-2018-18313", "CVE-2018-18314"); script_name(english:"SUSE SLED15 / SLES15 Security Update : perl (SUSE-SU-2018:4187-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for perl fixes the following issues : Secuirty issues fixed : CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1114674" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1114675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1114681" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1114686" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-18311/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-18312/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-18313/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-18314/" ); # https://www.suse.com/support/update/announcement/2018/suse-su-20184187-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1f588e88" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Development Tools 15:zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2018-2984=1 SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-2984=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-base-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:perl-debugsource"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-32bit-debuginfo-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-debuginfo-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"perl-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"perl-base-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"perl-base-debuginfo-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"perl-debuginfo-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLES15", sp:"0", reference:"perl-debugsource-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"perl-32bit-debuginfo-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"perl-base-32bit-debuginfo-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"perl-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"perl-base-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"perl-base-debuginfo-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"perl-debuginfo-5.26.1-7.6.1")) flag++; if (rpm_check(release:"SLED15", sp:"0", reference:"perl-debugsource-5.26.1-7.6.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1595.NASL description This update for perl fixes the following issues : Secuirty issues fixed : - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-12-24 plugin id 119863 published 2018-12-24 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119863 title openSUSE Security Update : perl (openSUSE-2018-1595) NASL family Fedora Local Security Checks NASL id FEDORA_2018-9DBE983805.NASL description Security fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and CVE-2018-18314 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120656 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120656 title Fedora 29 : 4:perl (2018-9dbe983805) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-2_0-0135_PERL.NASL description An update of the perl package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 122912 published 2019-03-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122912 title Photon OS 2.0: Perl PHSA-2019-2.0-0135 NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0212_PERL.NASL description An update of the perl package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 122923 published 2019-03-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122923 title Photon OS 1.0: Perl PHSA-2019-1.0-0212
Redhat
advisories |
| ||||||||
rpms |
|
References
- http://seclists.org/fulldisclosure/2019/Mar/49
- http://seclists.org/fulldisclosure/2019/Mar/49
- http://www.securitytracker.com/id/1042181
- http://www.securitytracker.com/id/1042181
- https://access.redhat.com/errata/RHSA-2019:0001
- https://access.redhat.com/errata/RHSA-2019:0001
- https://access.redhat.com/errata/RHSA-2019:0010
- https://access.redhat.com/errata/RHSA-2019:0010
- https://bugzilla.redhat.com/show_bug.cgi?id=1646738
- https://bugzilla.redhat.com/show_bug.cgi?id=1646738
- https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
- https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://metacpan.org/changes/release/SHAY/perl-5.26.3
- https://rt.perl.org/Ticket/Display.html?id=133192
- https://rt.perl.org/Ticket/Display.html?id=133192
- https://seclists.org/bugtraq/2019/Mar/42
- https://seclists.org/bugtraq/2019/Mar/42
- https://security.gentoo.org/glsa/201909-01
- https://security.gentoo.org/glsa/201909-01
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://security.netapp.com/advisory/ntap-20190221-0003/
- https://support.apple.com/kb/HT209600
- https://support.apple.com/kb/HT209600
- https://usn.ubuntu.com/3834-1/
- https://usn.ubuntu.com/3834-1/
- https://usn.ubuntu.com/3834-2/
- https://usn.ubuntu.com/3834-2/
- https://www.debian.org/security/2018/dsa-4347
- https://www.debian.org/security/2018/dsa-4347
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html