Vulnerabilities > CVE-2019-19906 - Off-by-one Error vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Vulnerable Configurations

Part Description Count
Application
Cyrusimap
1
Application
Redhat
1
Application
Apache
1
OS
Debian
3
OS
Canonical
5
OS
Fedoraproject
2
OS
Redhat
13
OS
Apple
167
OS
Centos
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-2044.NASL
    descriptionThere has been an out-of-bounds write in Cyrus SASL leading to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash was ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id132344
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132344
    titleDebian DLA-2044-1 : cyrus-sasl2 security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-2044-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132344);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2019-19906");
    
      script_name(english:"Debian DLA-2044-1 : cyrus-sasl2 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "There has been an out-of-bounds write in Cyrus SASL leading to
    unauthenticated remote denial of service in OpenLDAP via a malformed
    LDAP packet. The OpenLDAP crash was ultimately caused by an off-by-one
    error in _sasl_add_string in common.c in cyrus-sasl.
    
    For Debian 8 'Jessie', this problem has been fixed in version
    2.1.26.dfsg1-13+deb8u2.
    
    We recommend that you upgrade your cyrus-sasl2 packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/cyrus-sasl2"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19906");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2-heimdal-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2-mit-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-db");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-gssapi-heimdal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-gssapi-mit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-otp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsasl2-modules-sql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sasl2-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"cyrus-sasl2-dbg", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"cyrus-sasl2-doc", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"cyrus-sasl2-heimdal-dbg", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"cyrus-sasl2-mit-dbg", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"libsasl2-2", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"libsasl2-dev", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"libsasl2-modules", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"libsasl2-modules-db", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"libsasl2-modules-gssapi-heimdal", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"libsasl2-modules-gssapi-mit", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"libsasl2-modules-ldap", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"libsasl2-modules-otp", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"libsasl2-modules-sql", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    if (deb_check(release:"8.0", prefix:"sasl2-bin", reference:"2.1.26.dfsg1-13+deb8u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-BF829F9A84.NASL
    descriptionSecurity fix for CVE 2019 19906 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-10
    modified2020-04-06
    plugin id135214
    published2020-04-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135214
    titleFedora 31 : cyrus-sasl (2020-bf829f9a84)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2020-bf829f9a84.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135214);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/08");
    
      script_cve_id("CVE-2019-19906");
      script_xref(name:"FEDORA", value:"2020-bf829f9a84");
    
      script_name(english:"Fedora 31 : cyrus-sasl (2020-bf829f9a84)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE 2019 19906
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-bf829f9a84"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cyrus-sasl package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-sasl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC31", reference:"cyrus-sasl-2.1.27-3.fc31")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1377.NASL
    descriptionAccording to the version of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.(CVE-2019-19906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-04-15
    plugin id135506
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135506
    titleEulerOS 2.0 SP3 : cyrus-sasl (EulerOS-SA-2020-1377)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135506);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2019-19906"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : cyrus-sasl (EulerOS-SA-2020-1377)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the cyrus-sasl packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds
        write leading to unauthenticated remote
        denial-of-service in OpenLDAP via a malformed LDAP
        packet. The OpenLDAP crash is ultimately caused by an
        off-by-one error in _sasl_add_string in common.c in
        cyrus-sasl.(CVE-2019-19906)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1377
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f02ceaae");
      script_set_attribute(attribute:"solution", value:
    "Update the affected cyrus-sasl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-md5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-plain");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-scram");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["cyrus-sasl-2.1.26-20.h1",
            "cyrus-sasl-devel-2.1.26-20.h1",
            "cyrus-sasl-gssapi-2.1.26-20.h1",
            "cyrus-sasl-lib-2.1.26-20.h1",
            "cyrus-sasl-md5-2.1.26-20.h1",
            "cyrus-sasl-plain-2.1.26-20.h1",
            "cyrus-sasl-scram-2.1.26-20.h1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1336.NASL
    descriptionAccording to the version of the cyrus-sasl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.(CVE-2019-19906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-07
    modified2020-04-02
    plugin id135123
    published2020-04-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135123
    titleEulerOS Virtualization for ARM 64 3.0.6.0 : cyrus-sasl (EulerOS-SA-2020-1336)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135123);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06");
    
      script_cve_id(
        "CVE-2019-19906"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : cyrus-sasl (EulerOS-SA-2020-1336)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the cyrus-sasl packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerability :
    
      - In GNU patch through 2.7.6, the following of symlinks
        is mishandled in certain cases other than input files.
        This affects inp.c and util.c.(CVE-2019-19906)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1336
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9d1b33b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected cyrus-sasl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-md5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-plain");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["cyrus-sasl-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-gssapi-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-lib-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-md5-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-plain-2.1.27-0.3rc7.h2.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-1_0-0283_CYRUS.NASL
    descriptionAn update of the cyrus package has been released.
    last seen2020-03-17
    modified2020-03-11
    plugin id134425
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134425
    titlePhoton OS 1.0: Cyrus PHSA-2020-1.0-0283
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-1.0-0283. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(134425);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      script_cve_id("CVE-2019-19906");
    
      script_name(english:"Photon OS 1.0: Cyrus PHSA-2020-1.0-0283");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the cyrus package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-283.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19906");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/11");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:cyrus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"cyrus-sasl-2.1.26-11.ph1")) flag++;
    if (rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"cyrus-sasl-debuginfo-2.1.26-11.ph1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4256-1.NASL
    descriptionIt was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133352
    published2020-01-30
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133352
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : cyrus-sasl2 vulnerability (USN-4256-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4256-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133352);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/03");
    
      script_cve_id("CVE-2019-19906");
      script_xref(name:"USN", value:"4256-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : cyrus-sasl2 vulnerability (USN-4256-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that Cyrus SASL incorrectly handled certain LDAP
    packets. An attacker could possibly use this issue to execute
    arbitrary code or cause a denial of service.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4256-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libsasl2-2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsasl2-2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04 / 18.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"libsasl2-2", pkgver:"2.1.26.dfsg1-14ubuntu0.2")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libsasl2-2", pkgver:"2.1.27~101-g0780600+dfsg-3ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"libsasl2-2", pkgver:"2.1.27+dfsg-1ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsasl2-2");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1145.NASL
    descriptionAccording to the version of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.(CVE-2019-19906) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-02-25
    plugin id133979
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133979
    titleEulerOS 2.0 SP8 : cyrus-sasl (EulerOS-SA-2020-1145)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133979);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2019-19906"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : cyrus-sasl (EulerOS-SA-2020-1145)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the cyrus-sasl packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds
        write leading to unauthenticated remote
        denial-of-service in OpenLDAP via a malformed LDAP
        packet. The OpenLDAP crash is ultimately caused by an
        off-by-one error in _sasl_add_string in common.c in
        cyrus-sasl.(CVE-2019-19906)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1145
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?448fbbc0");
      script_set_attribute(attribute:"solution", value:
    "Update the affected cyrus-sasl package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gs2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-lib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-md5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-ntlm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-plain");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-scram");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["cyrus-sasl-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-devel-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-gs2-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-gssapi-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-ldap-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-lib-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-md5-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-ntlm-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-plain-2.1.27-0.3rc7.h2.eulerosv2r8",
            "cyrus-sasl-scram-2.1.27-0.3rc7.h2.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4591.NASL
    descriptionStephan Zeisberg reported an out-of-bounds write vulnerability in the _sasl_add_string() function in cyrus-sasl2, a library implementing the Simple Authentication and Security Layer. A remote attacker can take advantage of this issue to cause denial-of-service conditions for applications using the library.
    last seen2020-06-01
    modified2020-06-02
    plugin id132347
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132347
    titleDebian DSA-4591-1 : cyrus-sasl2 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4591. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132347);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2019-19906");
      script_xref(name:"DSA", value:"4591");
    
      script_name(english:"Debian DSA-4591-1 : cyrus-sasl2 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Stephan Zeisberg reported an out-of-bounds write vulnerability in the
    _sasl_add_string() function in cyrus-sasl2, a library implementing the
    Simple Authentication and Security Layer. A remote attacker can take
    advantage of this issue to cause denial-of-service conditions for
    applications using the library."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/cyrus-sasl2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/cyrus-sasl2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/buster/cyrus-sasl2"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2019/dsa-4591"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the cyrus-sasl2 packages.
    
    For the oldstable distribution (stretch), this problem has been fixed
    in version 2.1.27~101-g0780600+dfsg-3+deb9u1.
    
    For the stable distribution (buster), this problem has been fixed in
    version 2.1.27+dfsg-1+deb10u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19906");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:cyrus-sasl2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"10.0", prefix:"cyrus-sasl2-doc", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libsasl2-2", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libsasl2-dev", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libsasl2-modules", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libsasl2-modules-db", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libsasl2-modules-gssapi-heimdal", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libsasl2-modules-gssapi-mit", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libsasl2-modules-ldap", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libsasl2-modules-otp", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libsasl2-modules-sql", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"sasl2-bin", reference:"2.1.27+dfsg-1+deb10u1")) flag++;
    if (deb_check(release:"9.0", prefix:"cyrus-sasl2-doc", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libsasl2-2", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libsasl2-dev", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libsasl2-modules", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libsasl2-modules-db", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libsasl2-modules-gssapi-heimdal", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libsasl2-modules-gssapi-mit", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libsasl2-modules-ldap", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libsasl2-modules-otp", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"libsasl2-modules-sql", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    if (deb_check(release:"9.0", prefix:"sasl2-bin", reference:"2.1.27~101-g0780600+dfsg-3+deb9u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-3_0-0077_CYRUS.NASL
    descriptionAn update of the cyrus package has been released.
    last seen2020-04-14
    modified2020-04-10
    plugin id135300
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135300
    titlePhoton OS 3.0: Cyrus PHSA-2020-3.0-0077
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-3.0-0077. The text
    # itself is copyright (C) VMware, Inc.
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135300);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/13");
    
      script_cve_id("CVE-2019-19906");
    
      script_name(english:"Photon OS 3.0: Cyrus PHSA-2020-3.0-0077");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the cyrus package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-77.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19906");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:cyrus");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"cyrus-sasl-2.1.26-15.ph3")) flag++;
    if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"cyrus-sasl-debuginfo-2.1.26-15.ph3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus");
    }
    

References