{"cve": [{"lastseen": "2023-06-13T14:59:31", "description": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-01-08T17:15:00", "type": "cve", "title": "CVE-2019-20367", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20367"], "modified": "2021-04-01T13:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:opensuse:leap:15.1", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2019-20367", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20367", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", 
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-06-13T18:11:39", "description": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-01-08T17:15:00", "type": "debiancve", "title": "CVE-2019-20367", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20367"], "modified": "2020-01-08T17:15:00", "id": "DEBIANCVE:CVE-2019-20367", "href": "https://security-tracker.debian.org/tracker/CVE-2019-20367", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "debian": [{"lastseen": "2022-01-06T03:17:24", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2566-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Thorsten Alteholz\nFebruary 18, 2021 https://wiki.debian.org/LTS\n- 
-------------------------------------------------------------------------\n\nPackage : libbsd\nVersion : 0.8.3-1+deb9u1\nCVE ID : CVE-2019-20367\n\n\nAn issue has been found in libbsd, a library with utility functions from \nBSD systems.\nA non-NUL terminated symbol name in the string table might result in an \nout-of-bounds read.\n\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n0.8.3-1+deb9u1.\n\nWe recommend that you upgrade your libbsd packages.\n\nFor the detailed security status of libbsd please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/libbsd\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-02-18T22:37:39", "type": "debian", "title": "[SECURITY] [DLA 2566-1] libbsd security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20367"], "modified": "2021-02-18T22:37:39", "id": "DEBIAN:DLA-2566-1:791B7", "href": 
"https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "mageia": [{"lastseen": "2023-06-13T15:33:08", "description": "It was discovered that libbsd incorrectly handled certain strings, due to an out-of-bounds read during a comparison for a symbol name from the string table (strtab) in nlist.c. An attacker could possibly use this issue to access sensitive information (CVE-2019-20367). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-01-28T07:52:40", "type": "mageia", "title": "Updated libbsd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20367"], "modified": "2020-01-28T07:52:39", "id": "MGASA-2020-0061", "href": "https://advisories.mageia.org/MGASA-2020-0061.html", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:00:19", "description": "This update for libbsd fixes the following issues :\n\n - CVE-2019-20367: Fixed an out-of-bounds read during a comparison for a symbol names from the string table 
(bsc#1160551).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2020-05-26T00:00:00", "type": "nessus", "title": "openSUSE Security Update : libbsd (openSUSE-2020-679)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20367"], "modified": "2020-05-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libbsd-ctor-static", "p-cpe:/a:novell:opensuse:libbsd-debugsource", "p-cpe:/a:novell:opensuse:libbsd-devel", "p-cpe:/a:novell:opensuse:libbsd0", "p-cpe:/a:novell:opensuse:libbsd0-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-679.NASL", "href": "https://www.tenable.com/plugins/nessus/136877", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-679.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136877);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/28\");\n\n script_cve_id(\"CVE-2019-20367\");\n\n script_name(english:\"openSUSE Security Update : libbsd (openSUSE-2020-679)\");\n script_summary(english:\"Check for the openSUSE-2020-679 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libbsd fixes the following issues :\n\n - CVE-2019-20367: Fixed an out-of-bounds read during a\n comparison for a symbol names from the string table\n (bsc#1160551).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160551\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libbsd packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbsd-ctor-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbsd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbsd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbsd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbsd0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbsd-ctor-static-0.8.7-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbsd-debugsource-0.8.7-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbsd-devel-0.8.7-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbsd0-0.8.7-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbsd0-debuginfo-0.8.7-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libbsd-ctor-static / libbsd-debugsource / libbsd-devel / libbsd0 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:00:01", "description": "This update for libbsd fixes the following issues :\n\nCVE-2019-20367: Fixed an out-of-bounds read during a 
comparison for a symbol names from the string table (bsc#1160551).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libbsd (SUSE-SU-2020:1298-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20367"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libbsd-ctor-static", "p-cpe:/a:novell:suse_linux:libbsd-debugsource", "p-cpe:/a:novell:suse_linux:libbsd-devel", "p-cpe:/a:novell:suse_linux:libbsd0", "p-cpe:/a:novell:suse_linux:libbsd0-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-1298-1.NASL", "href": "https://www.tenable.com/plugins/nessus/136791", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1298-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136791);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-20367\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libbsd (SUSE-SU-2020:1298-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for libbsd fixes the following issues :\n\nCVE-2019-20367: Fixed an out-of-bounds read during a comparison for a\nsymbol names from the string table (bsc#1160551).\n\nNote that Tenable Network Security has extracted the preceding\ndescription 
block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20367/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201298-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb2b51b2\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1298=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1298=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-20367\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbsd-ctor-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbsd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbsd-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbsd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbsd0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbsd-ctor-static-0.8.7-3.3.17\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbsd-debugsource-0.8.7-3.3.17\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbsd-devel-0.8.7-3.3.17\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbsd0-0.8.7-3.3.17\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbsd0-debuginfo-0.8.7-3.3.17\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbsd-ctor-static-0.8.7-3.3.17\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbsd-debugsource-0.8.7-3.3.17\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbsd-devel-0.8.7-3.3.17\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbsd0-0.8.7-3.3.17\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbsd0-debuginfo-0.8.7-3.3.17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libbsd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:37", "description": "An issue has been found in libbsd, a library with utility functions from BSD systems. A non-NUL terminated symbol name in the string table might result in an out-of-bounds read.\n\nFor Debian 9 stretch, this problem has been fixed in version 0.8.3-1+deb9u1.\n\nWe recommend that you upgrade your libbsd packages.\n\nFor the detailed security status of libbsd please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/libbsd\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-19T00:00:00", "type": "nessus", "title": "Debian DLA-2566-1 : libbsd security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20367"], "modified": "2021-02-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libbsd-dev", "p-cpe:/a:debian:debian_linux:libbsd0", "p-cpe:/a:debian:debian_linux:libbsd0-udeb", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2566.NASL", "href": "https://www.tenable.com/plugins/nessus/146608", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2566-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146608);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/23\");\n\n script_cve_id(\"CVE-2019-20367\");\n\n script_name(english:\"Debian DLA-2566-1 : libbsd security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An issue has been found in libbsd, a library with utility functions\nfrom BSD systems. A non-NUL terminated symbol name in the string table\nmight result in an out-of-bounds read.\n\nFor Debian 9 stretch, this problem has been fixed in version\n0.8.3-1+deb9u1.\n\nWe recommend that you upgrade your libbsd packages.\n\nFor the detailed security status of libbsd please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/libbsd\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/libbsd\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/libbsd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade the affected libbsd-dev, libbsd0, and libbsd0-udeb packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbsd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbsd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbsd0-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libbsd-dev\", reference:\"0.8.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbsd0\", reference:\"0.8.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbsd0-udeb\", reference:\"0.8.3-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:55:07", "description": "It was discovered that libbsd incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-2090)\n\nIt was discovered that libbsd incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information. (CVE-2019-20367).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : libbsd vulnerabilities (USN-4243-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2090", "CVE-2019-20367"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libbsd0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4243-1.NASL", "href": "https://www.tenable.com/plugins/nessus/133144", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4243-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133144);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2016-2090\", \"CVE-2019-20367\");\n script_xref(name:\"USN\", value:\"4243-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : libbsd vulnerabilities (USN-4243-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that libbsd incorrectly handled certain inputs. An\nattacker could possibly use this issue to execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM. (CVE-2016-2090)\n\nIt was discovered that libbsd incorrectly handled certain strings. 
An\nattacker could possibly use this issue to access sensitive\ninformation. (CVE-2019-20367).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4243-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libbsd0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbsd0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|16\\.04|18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 16.04 / 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libbsd0\", pkgver:\"0.8.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libbsd0\", pkgver:\"0.8.7-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libbsd0\", pkgver:\"0.9.1-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libbsd0\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-08-09T18:04:11", "description": "nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a\ncomparison for a symbol name from the string table (strtab).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": 
"HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-01-08T00:00:00", "type": "ubuntucve", "title": "CVE-2019-20367", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20367"], "modified": "2020-01-08T00:00:00", "id": "UB:CVE-2019-20367", "href": "https://ubuntu.com/security/CVE-2019-20367", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "suse": [{"lastseen": "2022-11-10T08:11:05", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for libbsd fixes the following issues:\n\n - CVE-2019-20367: Fixed an out-of-bounds read during a comparison for a\n symbol names from the string table (bsc#1160551).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-679=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", 
"attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-05-23T00:00:00", "type": "suse", "title": "Security update for libbsd (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20367"], "modified": "2020-05-23T00:00:00", "id": "OPENSUSE-SU-2020:0679-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/I5YCPCNFXZXDGVBLPTUXA4KEHHRJUJWW/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:28:29", "description": "libbsd is vulnerable to denial of service. 
An out-of-bounds read in `nlist.c` during a comparison for a symbol name from the string table (strtab) allows an attacker to crash the application.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-02-23T19:23:56", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20367"], "modified": "2021-02-24T22:26:41", "id": "VERACODE:29463", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-29463/summary", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-28T13:22:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-05-23T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for libbsd (openSUSE-SU-2020:0679-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20367"], "modified": "2020-05-27T00:00:00", "id": "OPENVAS:1361412562310853174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853174", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some 
text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853174\");\n script_version(\"2020-05-27T04:05:03+0000\");\n script_cve_id(\"CVE-2019-20367\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-27 04:05:03 +0000 (Wed, 27 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-23 03:01:00 +0000 (Sat, 23 May 2020)\");\n script_name(\"openSUSE: Security Advisory for libbsd (openSUSE-SU-2020:0679-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0679-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00043.html\");\n\n script_tag(name:\"summary\", value:\"The remote 
host is missing an update for the 'libbsd'\n package(s) announced via the openSUSE-SU-2020:0679-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for libbsd fixes the following issues:\n\n - CVE-2019-20367: Fixed an out-of-bounds read during a comparison for a\n symbol names from the string table (bsc#1160551).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-679=1\");\n\n script_tag(name:\"affected\", value:\"'libbsd' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libbsd-ctor-static\", rpm:\"libbsd-ctor-static~0.8.7~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libbsd-debugsource\", rpm:\"libbsd-debugsource~0.8.7~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libbsd-devel\", rpm:\"libbsd-devel~0.8.7~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libbsd0\", rpm:\"libbsd0~0.8.7~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libbsd0-debuginfo\", 
rpm:\"libbsd0-debuginfo~0.8.7~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-23T16:32:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for libbsd USN-4243-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20367", "CVE-2016-2090"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562310844299", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844299", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844299\");\n script_version(\"2020-01-23T07:59:05+0000\");\n script_cve_id(\"CVE-2016-2090\", \"CVE-2019-20367\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 07:59:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-21 04:01:23 +0000 (Tue, 21 Jan 2020)\");\n script_name(\"Ubuntu Update for libbsd USN-4243-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4243-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005279.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libbsd'\n package(s) announced via the USN-4243-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that libbsd incorrectly handled certain inputs.\nAn attacker could possibly use this issue to execute arbitrary code.\nThis issue only affected Ubuntu 14.04 ESM. 
(CVE-2016-2090)\n\nIt was discovered that libbsd incorrectly handled certain strings.\nAn attacker could possibly use this issue to access sensitive information.\n(CVE-2019-20367)\");\n\n script_tag(name:\"affected\", value:\"'libbsd' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libbsd0\", ver:\"0.8.7-1ubuntu0.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libbsd0\", ver:\"0.9.1-2ubuntu0.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libbsd0\", ver:\"0.8.2-1ubuntu0.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2023-06-13T15:15:14", "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that libbsd incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. 
This issue only affected Ubuntu 14.04 ESM. (CVE-2016-2090)\n\nIt was discovered that libbsd incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information. (CVE-2019-20367)\n\nCVEs contained in this USN include: CVE-2016-2090, CVE-2019-20367.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Xenial Stemcells \n * 621.x versions prior to 621.50\n * 456.x versions prior to 456.93\n * 315.x versions prior to 315.163\n * 250.x versions prior to 250.178\n * 170.x versions prior to 170.198\n * 97.x versions prior to 97.226\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.155.0\n * CF Deployment \n * All versions prior to v12.27.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 621.x versions to 621.50 or greater\n * Upgrade 456.x versions to 456.93 or greater\n * Upgrade 315.x versions to 315.163 or greater\n * Upgrade 250.x versions to 250.178 or greater\n * Upgrade 170.x versions to 170.198 or greater\n * Upgrade 97.x versions to 97.226 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.155.0 or greater\n * CF Deployment \n * Upgrade all versions to v12.27.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4243-1/>)\n * [CVE-2016-2090](<https://vulners.com/cve/CVE-2016-2090>)\n * [CVE-2019-20367](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-20367>)\n\n## History\n\n2020-01-20: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T00:00:00", "type": "cloudfoundry", "title": "USN-4243-1: libbsd vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2090", "CVE-2019-20367"], "modified": "2020-02-05T00:00:00", "id": "CFOUNDRY:807283C4F8EB882A53440AC41176434E", "href": "https://www.cloudfoundry.org/blog/usn-4243-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-06-13T15:29:29", "description": "## Releases\n\n * Ubuntu 19.04 \n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * libbsd \\- utility functions from BSD systems - development files\n\nIt was discovered that libbsd incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code. \nThis issue only affected Ubuntu 14.04 ESM. (CVE-2016-2090)\n\nIt was discovered that libbsd incorrectly handled certain strings. \nAn attacker could possibly use this issue to access sensitive information. 
\n(CVE-2019-20367)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-20T00:00:00", "type": "ubuntu", "title": "libbsd vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2090", "CVE-2019-20367"], "modified": "2020-01-20T00:00:00", "id": "USN-4243-1", "href": "https://ubuntu.com/security/notices/USN-4243-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "kitploit": [{"lastseen": "2023-09-25T05:01:21", "description": "[](<https://blogger.googleusercontent.com/img/a/AVvXsEjsrmhQfDtTdfBPNa6qZgsSf3u30VLPYC3uKiVcyq9ZGHj16L1OT3WrO1HfwDyWXqnHKHPKJbSTz2Whniw57u-WtS5y_mcQsWyfzNYadEoNL2ZgYGTEeORZsjTrJzIDyx8ZUunfcL0CntifHoVg48hyGjYPR8doMybpPRTOwLUqmaUvooKWE3KXcFIO>)\n\n \n\n\nA simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities.\n\n \n\n\nTo install requirements:\n \n \n $ sudo python3 -m pip install -r requirements.txt \n \n\nOverview:\n\nvulnerabilities on local libraries by CoolerVoid Example: $ python3 master_librarian.py -t csv $ python3 master_librarian.py -t txt -l 3 usage: master_librarian.py [-h] -t TYPES [-l LIMIT] optional 
arguments: -h, --help show this help message and exit -t TYPES, --type TYPES Name of output type for logs(txt or csv) -l LIMIT, --limit LIMIT Limit CVEs per pages in nvd NIST search(default is 3) \">\n \n \n $ python3 master_librarian.py -h \n Master librarian v0.3 \n Tool to search public vulnerabilities on local libraries \n by CoolerVoid \n \n Example: \n \t$ python3 master_librarian.py -t csv \n \t$ python3 master_librarian.py -t txt -l 3 \n \n usage: master_librarian.py [-h] -t TYPES [-l LIMIT] \n \n optional arguments: \n -h, --help show this help message and exit \n -t TYPES, --type TYPES \n Name of output type for logs(txt or csv) \n -l LIMIT, --limit LIMIT \n Limit CVEs per pages in nvd NIST search(default is 3) \n \n \n\nExample:\n \n \n $ python3 master_librarian.py -t txt \n \n\noutput\n\nvulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. https://nvd.nist.gov/vuln/detail/CVE-2020-13529 2.9 LOW systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. https://nvd.nist.gov/vuln/detail/CVE-2020-13776 6.2 MEDIUM A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. 
https://nvd.nist.gov/vuln/detail/CVE-2020-1712 4.6 MEDIUM expat 2.2.9 pangocairo 1.44.7 xdmcp 1.1.3 libpcreposix 8.39 ruby-2.7 2.7.0 glib-2.0 2.64.6 gnome-system-tools 3.0.0 xinerama 1.1.4 nunit 2.6.3 gmp 6.2.0 libevent 2.1.11-stable xbuild12 12.0 xorg-sgml-doctools 1.11 presentproto 1.2 gdk-pixbuf-2.0 2.40.0 inputproto 2.3.2 libssl 1.1.1f xcb-shm 1.14 gdk-2.0 2.24.32 libpng16 1.6.37 bigreqsproto 1.1.2 icu-io 66.1 xextproto 7.3.0 libthai 0.1.28 libbsd-overlay 0.10.0 mount 2.34.0 gio-2.0 2.64.6 adwaita-icon-theme 3.36.1 fontconfig 2.13.1 xrandr 1.5.2 monosgen-2 6.8.0.105 mono 6.8.0.105 xf86dgaproto 2.1 dri3proto 1.2 libpcre 8.39 pangoxft 1.44.7 blkid 2.34.0 libsepol 3.0 libevent_openssl 2.1.11-stable uuid 2.34.0 gmodule-2.0 2.64.6 graphite2 3.0.1 libfl 2.6.4 zlib 1.2.11 cairo-pdf 1.16.0 ruby 2.7.0 Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to [denial of service](<https://www.kitploit.com/search/label/Denial%20of%20Service> \"denial of service\" ) when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking. https://nvd.nist.gov/vuln/detail/CVE-2021-32740 5.0 MEDIUM An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. 
If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. https://nvd.nist.gov/vuln/detail/CVE-2020-10933 5.0 MEDIUM libevent_extra 2.1.11-stable system.web.mvc3 3.0.0.0 libstartup-notification-1.0 0.12 mono-2 6.8.0.105 mono-nunit 2.6.3 gobject-2.0 2.64.6 glproto 1.4.17 cairo-ft 1.16.0 cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a \"free(): invalid pointer\" error. https://nvd.nist.gov/vuln/detail/CVE-2018-19876 4.3 MEDIUM xcb 1.14 Directory traversal vulnerability in Action View in [Ruby on Rails](<https://www.kitploit.com/search/label/Ruby%20on%20Rails> \"Ruby on Rails\" ) before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. https://nvd.nist.gov/vuln/detail/CVE-2016-0752 5.0 MEDIUM fribidi 1.0.8 xtrans 1.4.0 cairo-xlib-xrender 1.16.0 mono-lineeditor 0.2.1 xcmiscproto 1.2.2 gmodule-no-export-2.0 2.64.6 dri2proto 2.8 python3-embed 3.8 libpcre32 8.39 system.web.mvc2 2.0.0.0 dotnet 6.8.0.105 iso-codes 4.4 fontutil 1.3.1 xbitmaps 1.1.1 system.web.extensions_1.0 1.0.61025.0 recordproto 1.14.2 resourceproto 1.2.0 mobile-broadband-provider-info 20190618 videoproto 2.3.3 libevent_core 2.1.11-stable fontsproto 2.1.3 xsp-4 4.2 python3 3.8 In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. 
https://nvd.nist.gov/vuln/detail/CVE-2020-15801 7.5 HIGH In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. https://nvd.nist.gov/vuln/detail/CVE-2020-15523 6.9 MEDIUM xineramaproto 1.2.1 xcb-render 1.14 libpcre2-32 10.34 libbsd-ctor 0.10.0 libbsd 0.10.0 nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). https://nvd.nist.gov/vuln/detail/CVE-2019-20367 6.4 MEDIUM xft 2.3.3 \">\n \n \n Master librarian v0.3 \n Tool to search public vulnerabilities on local libraries \n by CoolerVoid \n \n Example: \n \t$ python3 master_librarian.py -t csv \n \t$ python3 master_librarian.py -t txt -l 3 \n \n Master librarian v0.3 \n Tool to search public vulnerabilities on local libraries \n by CoolerVoid \n \n Search pitfalls in operational system local packages \n \n xres 1.2.0 \n cairo-ps 1.16.0 \n xf86vidmodeproto 2.3.1 \n libcrypto 1.1.1f \n damageproto 1.2.1 \n libffi 3.3 \n xfixes 5.0.3 \n \t\tInteger overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync. 
\n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2016-7944 \n \t\t7.5 HIGH \n \n system.web.extensions.design_1.0 1.0.61025.0 \n kbproto 1.0.7 \n gio-unix-2.0 2.64.6 \n gdk-x11-2.0 2.24.32 \n sqlite3 3.31.1 \n cairo-png 1.16.0 \n libpcre2-posix 10.34 \n wcf 6.8.0.105 \n dmxproto 2.3.1 \n cairo-script 1.16.0 \n xext 1.3.4 \n x11 1.6.9 \n system.web.mvc 1.0.0.0 \n mono-cairo 6.8.0.105 \n cecil 6.8.0.105 \n udev 245 \n \t\tThe default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2011-0640 \n \t\t6.9 MEDIUM \n \n \t\tplymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2010-4176 \n \t\t4.0 MEDIUM \n \n xkeyboard-config 2.29 \n bash-completion 2.10 \n yelp-xsl 3.36.0 \n xdamage 1.1.5 \n libgdiplus 6.0.4 \n icu-uc 66.1 \n xcomposite 0.4.5 \n harfbuzz 2.6.4 \n pixman-1 0.38.4 \n pthread-stubs 0.4 \n systemd 245 \n \t\tAn exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-13529 \n \t\t2.9 LOW \n \n \t\tsystemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. 
NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-13776 \n \t\t6.2 MEDIUM \n \n \t\tA heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-1712 \n \t\t4.6 MEDIUM \n \n expat 2.2.9 \n pangocairo 1.44.7 \n xdmcp 1.1.3 \n libpcreposix 8.39 \n ruby-2.7 2.7.0 \n glib-2.0 2.64.6 \n gnome-system-tools 3.0.0 \n xinerama 1.1.4 \n nunit 2.6.3 \n gmp 6.2.0 \n libevent 2.1.11-stable \n xbuild12 12.0 \n xorg-sgml-doctools 1.11 \n presentproto 1.2 \n gdk-pixbuf-2.0 2.40.0 \n inputproto 2.3.2 \n libssl 1.1.1f \n xcb-shm 1.14 \n gdk-2.0 2.24.32 \n libpng16 1.6.37 \n bigreqsproto 1.1.2 \n icu-io 66.1 \n xextproto 7.3.0 \n libthai 0.1.28 \n libbsd-overlay 0.10.0 \n mount 2.34.0 \n gio-2.0 2.64.6 \n adwaita-icon-theme 3.36.1 \n fontconfig 2.13.1 \n xrandr 1.5.2 \n monosgen-2 6.8.0.105 \n mono 6.8.0.105 \n xf86dgaproto 2.1 \n dri3proto 1.2 \n libpcre 8.39 \n pangoxft 1.44.7 \n blkid 2.34.0 \n libsepol 3.0 \n libevent_openssl 2.1.11-stable \n uuid 2.34.0 \n gmodule-2.0 2.64.6 \n graphite2 3.0.1 \n libfl 2.6.4 \n zlib 1.2.11 \n cairo-pdf 1.16.0 \n ruby 2.7.0 \n \t\tAddressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. 
In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2021-32740 \n \t\t5.0 MEDIUM \n \n \t\tAn issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-10933 \n \t\t5.0 MEDIUM \n \n libevent_extra 2.1.11-stable \n system.web.mvc3 3.0.0.0 \n libstartup-notification-1.0 0.12 \n mono-2 6.8.0.105 \n mono-nunit 2.6.3 \n gobject-2.0 2.64.6 \n glproto 1.4.17 \n cairo-ft 1.16.0 \n \t\tcairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a \"free(): invalid pointer\" error. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2018-19876 \n \t\t4.3 MEDIUM \n \n xcb 1.14 \n \t\tDirectory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. 
 \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2016-0752 \n \t\t5.0 MEDIUM \n \n fribidi 1.0.8 \n xtrans 1.4.0 \n cairo-xlib-xrender 1.16.0 \n mono-lineeditor 0.2.1 \n xcmiscproto 1.2.2 \n gmodule-no-export-2.0 2.64.6 \n dri2proto 2.8 \n python3-embed 3.8 \n libpcre32 8.39 \n system.web.mvc2 2.0.0.0 \n dotnet 6.8.0.105 \n iso-codes 4.4 \n fontutil 1.3.1 \n xbitmaps 1.1.1 \n system.web.extensions_1.0 1.0.61025.0 \n recordproto 1.14.2 \n resourceproto 1.2.0 \n mobile-broadband-provider-info 20190618 \n videoproto 2.3.3 \n libevent_core 2.1.11-stable \n fontsproto 2.1.3 \n xsp-4 4.2 \n python3 3.8 \n \t\tIn Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-15801 \n \t\t7.5 HIGH \n \n \t\tIn Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. \n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2020-15523 \n \t\t6.9 MEDIUM \n \n xineramaproto 1.2.1 \n xcb-render 1.14 \n libpcre2-32 10.34 \n libbsd-ctor 0.10.0 \n libbsd 0.10.0 \n \t\tnlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab). 
\n \t\thttps://nvd.nist.gov/vuln/detail/CVE-2019-20367 \n \t\t6.4 MEDIUM \n \n xft 2.3.3 \n \n \n\nTested in Ubuntu Linux, Fedora Linux and FreeBSD.\n\nThe purpose of this tool is to use in local pentest, take attention if you have a proper [authorization](<https://www.kitploit.com/search/label/Authorization> \"authorization\" ) before to use that. I do not have responsibility for your actions. You can use a hammer to construct a house or destroy it, choose the law path, don't be a bad guy, remember.\n\n \n \n\n\n**[Download Master_Librarian](<https://github.com/CoolerVoid/master_librarian> \"Download Master_Librarian\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-09T20:30:00", "type": "kitploit", "title": "Master_Librarian - A Simple Tool To Audit Unix/*BSD/Linux System Libraries To Find Public Security Vulnerabilities", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4176", "CVE-2011-0640", "CVE-2016-0752", "CVE-2016-7944", "CVE-2017-1000082", "CVE-2018-19876", "CVE-2019-20367", "CVE-2020-10933", "CVE-2020-13529", "CVE-2020-13776", "CVE-2020-15523", "CVE-2020-15801", "CVE-2020-1712", 
"CVE-2021-32740"], "modified": "2022-03-09T20:30:00", "id": "KITPLOIT:2401425074991132396", "href": "http://www.kitploit.com/2022/03/masterlibrarian-simple-tool-to-audit.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}