Vulnerabilities > CVE-2018-6594 - Inadequate Encryption Strength vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
dlitz
debian
canonical
CWE-326
nessus

Summary

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Brute Force
    In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset. Examples of secrets can include, but are not limited to, passwords, encryption keys, database lookup keys, and initial values to one-way functions. The key factor in this attack is the attackers' ability to explore the possible secret space rapidly. This, in turn, is a function of the size of the secret space and the computational power the attacker is able to bring to bear on the problem. If the attacker has modest resources and the secret space is large, the challenge facing the attacker is intractable. While the defender cannot control the resources available to an attacker, they can control the size of the secret space. Creating a large secret space involves selecting one's secret from as large a field of equally likely alternative secrets as possible and ensuring that an attacker is unable to reduce the size of this field using available clues or cryptanalysis. Doing this is more difficult than it sounds since elimination of patterns (which, in turn, would provide an attacker clues that would help them reduce the space of potential secrets) is difficult to do using deterministic machines, such as computers. Assuming a finite secret space, a brute force attack will eventually succeed. The defender must rely on making sure that the time and resources necessary to do so will exceed the value of the information. For example, a secret space that will likely take hundreds of years to explore is likely safe from raw-brute force attacks.
  • Encryption Brute Forcing
    An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0037.NASL
    descriptionAn update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111297
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111297
    titlePhoton OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-2.0-0037. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111297);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/05 23:25:07");
    
      script_cve_id(
        "CVE-2017-12627",
        "CVE-2017-18207",
        "CVE-2018-1303",
        "CVE-2018-2573",
        "CVE-2018-2583",
        "CVE-2018-2612",
        "CVE-2018-2622",
        "CVE-2018-2640",
        "CVE-2018-2665",
        "CVE-2018-2668",
        "CVE-2018-2703",
        "CVE-2018-6594",
        "CVE-2018-6951",
        "CVE-2018-7208",
        "CVE-2018-7549",
        "CVE-2018-7643",
        "CVE-2018-7738",
        "CVE-2018-7750",
        "CVE-2018-8740",
        "CVE-2018-1000030",
        "CVE-2018-1000116",
        "CVE-2018-1000117",
        "CVE-2018-1000132"
      );
      script_bugtraq_id(
        102678,
        102681,
        102682,
        102704,
        102706,
        102708,
        102709,
        102710,
        103044,
        103077,
        103219,
        103264,
        103367,
        103466,
        103522,
        103713,
        104527
      );
    
      script_name(english:"Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch',
    'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux',
    'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been
    released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-2-37
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a24de30");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:zsh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pmd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "binutils-2.30-4.ph2",
      "binutils-debuginfo-2.30-4.ph2",
      "binutils-devel-2.30-4.ph2",
      "mercurial-4.5.3-1.ph2",
      "mercurial-debuginfo-4.5.3-1.ph2",
      "mysql-5.7.21-1.ph2",
      "mysql-debuginfo-5.7.21-1.ph2",
      "mysql-devel-5.7.21-1.ph2",
      "net-snmp-5.7.3-8.ph2",
      "net-snmp-debuginfo-5.7.3-8.ph2",
      "net-snmp-devel-5.7.3-8.ph2",
      "paramiko-2.1.5-1.ph2",
      "patch-2.7.5-5.ph2",
      "patch-debuginfo-2.7.5-5.ph2",
      "pmd-python2-0.0.5-5.ph2",
      "pmd-python3-0.0.5-5.ph2",
      "pycrypto-2.6.1-4.ph2",
      "pycrypto-debuginfo-2.6.1-4.ph2",
      "python2-2.7.13-12.ph2",
      "python2-debuginfo-2.7.13-12.ph2",
      "python2-devel-2.7.13-12.ph2",
      "python2-libs-2.7.13-12.ph2",
      "python2-test-2.7.13-12.ph2",
      "python2-tools-2.7.13-12.ph2",
      "python3-3.6.5-1.ph2",
      "python3-curses-3.6.5-1.ph2",
      "python3-debuginfo-3.6.5-1.ph2",
      "python3-devel-3.6.5-1.ph2",
      "python3-libs-3.6.5-1.ph2",
      "python3-paramiko-2.1.5-1.ph2",
      "python3-paramiko-2.1.5-1.ph2",
      "python3-pip-3.6.5-1.ph2",
      "python3-pycrypto-2.6.1-4.ph2",
      "python3-pycrypto-2.6.1-4.ph2",
      "python3-setuptools-3.6.5-1.ph2",
      "python3-test-3.6.5-1.ph2",
      "python3-tools-3.6.5-1.ph2",
      "python3-xml-3.6.5-1.ph2",
      "sqlite-3.22.0-2.ph2",
      "sqlite-debuginfo-3.22.0-2.ph2",
      "sqlite-devel-3.22.0-2.ph2",
      "sqlite-libs-3.22.0-2.ph2",
      "util-linux-2.32-1.ph2",
      "util-linux-debuginfo-2.32-1.ph2",
      "util-linux-devel-2.32-1.ph2",
      "util-linux-lang-2.32-1.ph2",
      "util-linux-libs-2.32-1.ph2",
      "xerces-c-3.2.1-1.ph2",
      "xerces-c-debuginfo-3.2.1-1.ph2",
      "xerces-c-devel-3.2.1-1.ph2",
      "zsh-5.3.1-6.ph2",
      "zsh-debuginfo-5.3.1-6.ph2",
      "zsh-html-5.3.1-6.ph2"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zsh / python3 / xerces / mercurial / pmd / pycrypto / net / python2 / util / mysql / paramiko / binutils / patch / sqlite");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-977.NASL
    descriptionWeak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading ciphertext : lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto
    last seen2020-06-01
    modified2020-06-02
    plugin id108602
    published2018-03-27
    reporterThis script is Copyright (C) 2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/108602
    titleAmazon Linux AMI : python-crypto (ALAS-2018-977)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2018-977.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108602);
      script_version("1.2");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2018-6594");
      script_xref(name:"ALAS", value:"2018-977");
    
      script_name(english:"Amazon Linux AMI : python-crypto (ALAS-2018-977)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to
    obtain sensitive information by reading ciphertext :
    
    lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates
    weak ElGamal key parameters, which allows attackers to obtain
    sensitive information by reading ciphertext data (i.e., it does not
    have semantic security in face of a ciphertext-only attack). The
    Decisional Diffie-Hellman (DDH) assumption does not hold for
    PyCrypto's ElGamal implementation. (CVE-2018-6594)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2018-977.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update python-crypto' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-crypto-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-crypto");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-crypto");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"python-crypto-debuginfo-2.6.1-1.15.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"python26-crypto-2.6.1-1.15.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"python27-crypto-2.6.1-1.15.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-crypto-debuginfo / python26-crypto / python27-crypto");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-913C225B49.NASL
    descriptionThe textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes a fix for this problem backported from pycryptodome. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-02-28
    plugin id107033
    published2018-02-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107033
    titleFedora 27 : python-crypto (2018-913c225b49)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-913c225b49.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(107033);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-6594");
      script_xref(name:"FEDORA", value:"2018-913c225b49");
    
      script_name(english:"Fedora 27 : python-crypto (2018-913c225b49)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The textbook ElGamal implementation is not secure. PyCrypto and some
    other implementations use the wrong algorithm, which may lead to some
    information disclosure simply by looking at the encrypted text. For a
    full description, see https://github.com/dlitz/pycrypto/issues/253
    
    This update includes a fix for this problem backported from
    pycryptodome.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-913c225b49"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python-crypto package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-crypto");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC27", reference:"python-crypto-2.6.1-22.fc27")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-crypto");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0126.NASL
    descriptionAn update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111930
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111930
    titlePhoton OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111930);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/05 23:25:07");
    
      script_cve_id(
        "CVE-2017-9022",
        "CVE-2017-9023",
        "CVE-2017-12627",
        "CVE-2017-15710",
        "CVE-2017-15715",
        "CVE-2017-18207",
        "CVE-2018-1301",
        "CVE-2018-1302",
        "CVE-2018-1303",
        "CVE-2018-2573",
        "CVE-2018-2583",
        "CVE-2018-2612",
        "CVE-2018-2622",
        "CVE-2018-2640",
        "CVE-2018-2665",
        "CVE-2018-2668",
        "CVE-2018-2703",
        "CVE-2018-6594",
        "CVE-2018-6951",
        "CVE-2018-7208",
        "CVE-2018-7643",
        "CVE-2018-7750",
        "CVE-2018-8740",
        "CVE-2018-1000116",
        "CVE-2018-1000117",
        "CVE-2018-1000132"
      );
    
      script_name(english:"Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto',
    'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c',
    'strongswan', 'net-snmp' packages of Photon OS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-1.0-126
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22ce6999");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:strongswan");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "binutils-2.30-3.ph1",
      "binutils-debuginfo-2.30-3.ph1",
      "binutils-devel-2.30-3.ph1",
      "httpd-2.4.33-1.ph1",
      "httpd-debuginfo-2.4.33-1.ph1",
      "httpd-devel-2.4.33-1.ph1",
      "httpd-docs-2.4.33-1.ph1",
      "httpd-tools-2.4.33-1.ph1",
      "mercurial-4.5.3-1.ph1",
      "mercurial-debuginfo-4.5.3-1.ph1",
      "mysql-5.7.21-1.ph1",
      "mysql-debuginfo-5.7.21-1.ph1",
      "mysql-devel-5.7.21-1.ph1",
      "net-snmp-5.7.3-5.ph1",
      "net-snmp-debuginfo-5.7.3-5.ph1",
      "net-snmp-devel-5.7.3-5.ph1",
      "paramiko-1.17.6-1.ph1",
      "patch-2.7.5-3.ph1",
      "patch-debuginfo-2.7.5-3.ph1",
      "pycrypto-2.6.1-5.ph1",
      "pycrypto-debuginfo-2.6.1-5.ph1",
      "python3-3.5.4-2.ph1",
      "python3-debuginfo-3.5.4-2.ph1",
      "python3-devel-3.5.4-2.ph1",
      "python3-libs-3.5.4-2.ph1",
      "python3-paramiko-1.17.6-1.ph1",
      "python3-pycrypto-2.6.1-5.ph1",
      "python3-tools-3.5.4-2.ph1",
      "sqlite-autoconf-3.22.0-2.ph1",
      "sqlite-autoconf-debuginfo-3.22.0-2.ph1",
      "strongswan-5.5.2-1.ph1",
      "strongswan-debuginfo-5.5.2-1.ph1",
      "xerces-c-3.2.1-1.ph1",
      "xerces-c-debuginfo-3.2.1-1.ph1",
      "xerces-c-devel-3.2.1-1.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils / httpd / mercurial / mysql / net / paramiko / patch / pycrypto / python3 / sqlite / strongswan / xerces");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1283.NASL
    descriptionThis is an update to DLA-1283-1. In DLA-1283-1 it is claimed that the issue described in CVE-2018-6594 is fixed. It turns out that the fix is partial and upstream has decided not to fix the issue as it would break compatibility and that ElGamal encryption was not intended to work on its own. The recommendation is still to upgrade python-crypto packages. In addition please take into account that the fix is not complete. If you have an application using python-crypto is implementing ElGamal encryption you should consider changing to some other encryption method. There will be no further update to python-crypto for this specific CVE. A fix would break compatibility, the problem has been ignored by regular Debian Security team due to its minor nature and in addition to that we are close to the end of life of the Wheezy security support. CVE-2018-6594 : python-crypto generated weak ElGamal key parameters, which allowed attackers to obtain sensitive information by reading ciphertext data (i.e., it did not have semantic security in face of a ciphertext-only attack). We recommend that you upgrade your python-crypto packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2018-02-15
    plugin id106819
    published2018-02-15
    reporterThis script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/106819
    titleDebian DLA-1283-2 : python-crypto security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1283-2. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106819);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_name(english:"Debian DLA-1283-2 : python-crypto security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is an update to DLA-1283-1. In DLA-1283-1 it is claimed that the
    issue described in CVE-2018-6594 is fixed. It turns out that the fix
    is partial and upstream has decided not to fix the issue as it would
    break compatibility and that ElGamal encryption was not intended to
    work on its own.
    
    The recommendation is still to upgrade python-crypto packages. In
    addition please take into account that the fix is not complete. If you
    have an application using python-crypto is implementing ElGamal
    encryption you should consider changing to some other encryption
    method.
    
    There will be no further update to python-crypto for this specific
    CVE. A fix would break compatibility, the problem has been ignored by
    regular Debian Security team due to its minor nature and in addition
    to that we are close to the end of life of the Wheezy security
    support.
    
    CVE-2018-6594 :
    
    python-crypto generated weak ElGamal key parameters, which allowed
    attackers to obtain sensitive information by reading ciphertext data
    (i.e., it did not have semantic security in face of a ciphertext-only
    attack).
    
    We recommend that you upgrade your python-crypto packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2018/04/msg00006.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/python-crypto"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_attribute(attribute:"risk_factor", value:"High");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:ND");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-crypto");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-crypto-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-crypto-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-crypto");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-crypto-dbg");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"python-crypto", reference:"2.6-4+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"python-crypto-dbg", reference:"2.6-4+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"python-crypto-doc", reference:"2.6-4+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"python3-crypto", reference:"2.6-4+deb7u8")) flag++;
    if (deb_check(release:"7.0", prefix:"python3-crypto-dbg", reference:"2.6-4+deb7u8")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-0C75CC72BC.NASL
    descriptionThe textbook ElGamal implementation is not secure. PyCrypto and some other implementations use the wrong algorithm, which may lead to some information disclosure simply by looking at the encrypted text. For a full description, see https://github.com/dlitz/pycrypto/issues/253 This update includes a fix for this problem backported from pycryptodome. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-03-07
    plugin id107155
    published2018-03-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107155
    titleFedora 26 : python-crypto (2018-0c75cc72bc)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-0c75cc72bc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(107155);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-6594");
      script_xref(name:"FEDORA", value:"2018-0c75cc72bc");
    
      script_name(english:"Fedora 26 : python-crypto (2018-0c75cc72bc)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The textbook ElGamal implementation is not secure. PyCrypto and some
    other implementations use the wrong algorithm, which may lead to some
    information disclosure simply by looking at the encrypted text. For a
    full description, see https://github.com/dlitz/pycrypto/issues/253
    
    This update includes a fix for this problem backported from
    pycryptodome.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0c75cc72bc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python-crypto package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-crypto");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC26", reference:"python-crypto-2.6.1-22.fc26")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-crypto");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3616-1.NASL
    descriptionIt was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id108833
    published2018-04-04
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108833
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : python-crypto vulnerability (USN-3616-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3616-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108833);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2018-6594");
      script_xref(name:"USN", value:"3616-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : python-crypto vulnerability (USN-3616-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Python Crypto incorrectly generated ElGamal key
    parameters. A remote attacker could possibly use this issue to obtain
    sensitive information.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3616-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python-crypto and / or python3-crypto packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-crypto");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python3-crypto");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"python-crypto", pkgver:"2.6.1-4ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"python3-crypto", pkgver:"2.6.1-4ubuntu0.3")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python-crypto", pkgver:"2.6.1-6ubuntu0.16.04.3")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"python3-crypto", pkgver:"2.6.1-6ubuntu0.16.04.3")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"python-crypto", pkgver:"2.6.1-7ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"python3-crypto", pkgver:"2.6.1-7ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-crypto / python3-crypto");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0126_PYCRYPTO.NASL
    descriptionAn update of the pycrypto package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121827
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121827
    titlePhoton OS 1.0: Pycrypto PHSA-2018-1.0-0126