ID CVE-2018-3630 Type cve Reporter cve@mitre.org Modified 2019-10-28T15:15:00
Description
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
{"id": "CVE-2018-3630", "bulletinFamily": "NVD", "title": "CVE-2018-3630", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.", "published": "2019-10-28T15:15:00", "modified": "2019-10-28T15:15:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-3630", "reporter": "cve@mitre.org", "references": [], "cvelist": ["CVE-2018-3630"], "type": "cve", "lastseen": "2020-10-03T13:20:21", "edition": 2, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310876263", "OPENVAS:1361412562310852350", "OPENVAS:1361412562310852365"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:0348-1", "OPENSUSE-SU-2019:1083-1"]}, {"type": "nessus", "idList": ["OPENSUSE-2019-1083.NASL", "SUSE_SU-2019-0580-1.NASL", "AL2_ALAS-2019-1273.NASL", "OPENSUSE-2019-348.NASL", "SUSE_SU-2019-0581-1.NASL", "FEDORA_2019-3B96BB5186.NASL", "SUSE_SU-2019-0579-1.NASL"]}, {"type": "amazon", "idList": ["ALAS2-2019-1273"]}, {"type": "fedora", "idList": ["FEDORA:2A27260769EB", "FEDORA:D7BF66075F0D"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-4785", "ELSA-2019-4668", "ELSA-2020-5861"]}], "modified": "2020-10-03T13:20:21", "rev": 2}, "score": {"value": 2.7, "vector": "NONE", "modified": "2020-10-03T13:20:21", "rev": 2}, "vulnersScore": 2.7}, "cpe": [], "affectedSoftware": [], "cvss2": {}, "cvss3": {}, "cpe23": [], "cwe": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "scheme": null}
{"nessus": [{"lastseen": "2021-01-01T06:16:10", "description": "This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-12180: Fixed a buffer overflow in BlockIo service, which\ncould lead to memory read/write overrun (bsc#1127820).\n\nCVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\npacket (bsc#1127821).\n\nCVE-2018-3630: Fixed a logic error in FV parsing which could allow a\nlocal attacker to bypass the chain of trust checks (bsc#1127822).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "SUSE SLES12 Security Update : ovmf (SUSE-SU-2019:0579-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2018-3630"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ovmf-tools", "p-cpe:/a:novell:suse_linux:ovmf"], "id": "SUSE_SU-2019-0579-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122773", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0579-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122773);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/02/05\");\n\n script_cve_id(\"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-3630\");\n\n script_name(english:\"SUSE SLES12 Security Update : ovmf (SUSE-SU-2019:0579-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-12180: Fixed a buffer overflow in BlockIo service, which\ncould lead to memory read/write overrun (bsc#1127820).\n\nCVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\npacket (bsc#1127821).\n\nCVE-2018-3630: Fixed a logic error in FV parsing which could allow a\nlocal attacker to bypass the chain of trust checks (bsc#1127822).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12178/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12180/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3630/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190579-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?329a81a1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-579=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12180\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ovmf-2017+git1492060560.b6d11d7c46-4.20.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"ovmf-tools-2017+git1492060560.b6d11d7c46-4.20.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:16:10", "description": "This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-12180: Fixed a buffer overflow in BlockIo service, which\ncould lead to memory read/write overrun (bsc#1127820).\n\nCVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\npacket (bsc#1127821).\n\nCVE-2018-3630: Fixed a logic error in FV parsing which could allow a\nlocal attacker to bypass the chain of trust checks (bsc#1127822).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "SUSE SLES15 Security Update : ovmf (SUSE-SU-2019:0580-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2018-3630"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:ovmf-tools", "p-cpe:/a:novell:suse_linux:ovmf"], "id": "SUSE_SU-2019-0580-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122774", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0580-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122774);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/02/05\");\n\n script_cve_id(\"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-3630\");\n\n script_name(english:\"SUSE SLES15 Security Update : ovmf (SUSE-SU-2019:0580-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-12180: Fixed a buffer overflow in BlockIo service, which\ncould lead to memory read/write overrun (bsc#1127820).\n\nCVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\npacket (bsc#1127821).\n\nCVE-2018-3630: Fixed a logic error in FV parsing which could allow a\nlocal attacker to bypass the chain of trust checks (bsc#1127822).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12178/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12180/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3630/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190580-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?764c02f8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-580=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12180\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"ovmf-2017+git1510945757.b2662641d5-5.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"ovmf-tools-2017+git1510945757.b2662641d5-5.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T06:16:10", "description": "This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-12180: Fixed a buffer overflow in BlockIo service, which\ncould lead to memory read/write overrun (bsc#1127820).\n\nCVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\npacket (bsc#1127821).\n\nCVE-2018-3630: Fixed a logic error in FV parsing which could allow a\nlocal attacker to bypass the chain of trust checks (bsc#1127822).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-12T00:00:00", "title": "SUSE SLES12 Security Update : ovmf (SUSE-SU-2019:0581-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2018-3630"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:ovmf-tools", "p-cpe:/a:novell:suse_linux:ovmf"], "id": "SUSE_SU-2019-0581-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122775", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0581-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122775);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/02/05\");\n\n script_cve_id(\"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-3630\");\n\n script_name(english:\"SUSE SLES12 Security Update : ovmf (SUSE-SU-2019:0581-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-12180: Fixed a buffer overflow in BlockIo service, which\ncould lead to memory read/write overrun (bsc#1127820).\n\nCVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\npacket (bsc#1127821).\n\nCVE-2018-3630: Fixed a logic error in FV parsing which could allow a\nlocal attacker to bypass the chain of trust checks (bsc#1127822).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12178/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12180/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-3630/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190581-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ed0dc58\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-581=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-581=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12180\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ovmf-2017+git1510945757.b2662641d5-3.8.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"ovmf-tools-2017+git1510945757.b2662641d5-3.8.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T16:45:20", "description": "This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-12180: Fixed a buffer overflow in BlockIo\n service, which could lead to memory read/write overrun\n (bsc#1127820).\n\n - CVE-2018-12178: Fixed an improper DNS check upon\n receiving a new DNS packet (bsc#1127821).\n\n - CVE-2018-3630: Fixed a logic error in FV parsing which\n could allow a local attacker to bypass the chain of\n trust checks (bsc#1127822).	 \n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.", "edition": 14, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-03-20T00:00:00", "title": "openSUSE Security Update : ovmf (openSUSE-2019-348)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2018-3630"], "modified": "2019-03-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug", "p-cpe:/a:novell:opensuse:qemu-ovmf-ia32", "p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64", "p-cpe:/a:novell:opensuse:ovmf-tools", "cpe:/o:novell:opensuse:42.3", "p-cpe:/a:novell:opensuse:ovmf"], "id": "OPENSUSE-2019-348.NASL", "href": "https://www.tenable.com/plugins/nessus/122963", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-348.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122963);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-3630\");\n\n script_name(english:\"openSUSE Security Update : ovmf (openSUSE-2019-348)\");\n script_summary(english:\"Check for the openSUSE-2019-348 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-12180: Fixed a buffer overflow in BlockIo\n service, which could lead to memory read/write overrun\n (bsc#1127820).\n\n - CVE-2018-12178: Fixed an improper DNS check upon\n receiving a new DNS packet (bsc#1127821).\n\n - CVE-2018-3630: Fixed a logic error in FV parsing which\n could allow a local attacker to bypass the chain of\n trust checks (bsc#1127822).	 \n\nThis update was imported from the SUSE:SLE-12-SP3:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127822\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ovmf packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12180\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ovmf-2017+git1492060560.b6d11d7c46-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ovmf-tools-2017+git1492060560.b6d11d7c46-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-ovmf-ia32-2017+git1492060560.b6d11d7c46-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"qemu-ovmf-x86_64-2017+git1492060560.b6d11d7c46-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"qemu-ovmf-x86_64-debug-2017+git1492060560.b6d11d7c46-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf / ovmf-tools / qemu-ovmf-ia32 / qemu-ovmf-x86_64 / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T16:31:10", "description": "This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-12180: Fixed a buffer overflow in BlockIo\n service, which could lead to memory read/write overrun\n (bsc#1127820).\n\n - CVE-2018-12178: Fixed an improper DNS check upon\n receiving a new DNS packet (bsc#1127821).\n\n - CVE-2018-3630: Fixed a logic error in FV parsing which\n could allow a local attacker to bypass the chain of\n trust checks (bsc#1127822).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 14, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-04-01T00:00:00", "title": "openSUSE Security Update : ovmf (openSUSE-2019-1083)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2018-3630"], "modified": "2019-04-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug", "cpe:/o:novell:opensuse:15.0", "p-cpe:/a:novell:opensuse:qemu-ovmf-ia32", "p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64", "p-cpe:/a:novell:opensuse:ovmf-tools", "p-cpe:/a:novell:opensuse:ovmf"], "id": "OPENSUSE-2019-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/123543", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1083.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123543);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-3630\");\n\n script_name(english:\"openSUSE Security Update : ovmf (openSUSE-2019-1083)\");\n script_summary(english:\"Check for the openSUSE-2019-1083 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ovmf fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-12180: Fixed a buffer overflow in BlockIo\n service, which could lead to memory read/write overrun\n (bsc#1127820).\n\n - CVE-2018-12178: Fixed an improper DNS check upon\n receiving a new DNS packet (bsc#1127821).\n\n - CVE-2018-3630: Fixed a logic error in FV parsing which\n could allow a local attacker to bypass the chain of\n trust checks (bsc#1127822).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127822\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ovmf packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12180\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ovmf-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:qemu-ovmf-x86_64-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ovmf-2017+git1510945757.b2662641d5-lp150.4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"ovmf-tools-2017+git1510945757.b2662641d5-lp150.4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ovmf-ia32-2017+git1510945757.b2662641d5-lp150.4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-lp150.4.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"qemu-ovmf-x86_64-debug-2017+git1510945757.b2662641d5-lp150.4.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ovmf / ovmf-tools / qemu-ovmf-x86_64 / qemu-ovmf-x86_64-debug / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:17:11", "description": "Logic error in FV parsing in MdeModulePkg\\Core\\Pei\\FwVol\\FwVol.c\n(CVE-2018-3630)\n\nLogic issue in variable service module for EDK\nII/UDK2018/UDK2017/UDK2015 may allow an authenticated user to\npotentially enable escalation of privilege, information disclosure\nand/or denial of service via local access. (CVE-2017-5734)\n\nA missing check leads to an out-of-bounds read and write flaw in\nNetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A\nremote attacker who controls the DNS server used by the vulnerable\nfirmware may use this flaw to make the system crash. (CVE-2018-3613)\n\nimproper DNS packet size check (CVE-2018-12178)\n\nPrivilege escalation via heap-based buffer overflow in Decode()\nfunction (CVE-2017-5735)\n\nPrivilege escalation via heap-based buffer overflow in MakeTable()\nfunction (CVE-2017-5733)\n\nPrivilege escalation via processing of malformed files in\nTianoCompress.c (CVE-2017-5731)\n\nPrivilege escalation via processing of malformed files in\nBaseUefiDecompressLib.c (CVE-2017-5732)\n\nA stack-based buffer overflow was discovered in edk2 when the HII\ndatabase contains a Bitmap that claims to be 4-bit or 8-bit per pixel,\nbut the palette contains more than 16(2^4) or 256(2^8) colors.\n(CVE-2018-12181)\n\nBuffer overflow in BlockIo service for EDK II may allow an\nunauthenticated user to potentially enable escalation of privilege,\ninformation disclosure and/or denial of service via network access.\n(CVE-2018-12180)", "edition": 16, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-08-28T00:00:00", "title": "Amazon Linux 2 : edk2 (ALAS-2019-1273)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2017-5733", "CVE-2017-5735", "CVE-2017-5731", "CVE-2018-3613", "CVE-2017-5732", "CVE-2018-12181", "CVE-2018-3630", "CVE-2017-5734"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:edk2-aarch64", "p-cpe:/a:amazon:linux:edk2-tools-python", "p-cpe:/a:amazon:linux:edk2-tools-doc", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:edk2-tools", "p-cpe:/a:amazon:linux:edk2-ovmf", "p-cpe:/a:amazon:linux:edk2-debuginfo"], "id": "AL2_ALAS-2019-1273.NASL", "href": "https://www.tenable.com/plugins/nessus/128287", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1273.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128287);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-5731\", \"CVE-2017-5732\", \"CVE-2017-5733\", \"CVE-2017-5734\", \"CVE-2017-5735\", \"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-12181\", \"CVE-2018-3613\", \"CVE-2018-3630\");\n script_xref(name:\"ALAS\", value:\"2019-1273\");\n\n script_name(english:\"Amazon Linux 2 : edk2 (ALAS-2019-1273)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Logic error in FV parsing in MdeModulePkg\\Core\\Pei\\FwVol\\FwVol.c\n(CVE-2018-3630)\n\nLogic issue in variable service module for EDK\nII/UDK2018/UDK2017/UDK2015 may allow an authenticated user to\npotentially enable escalation of privilege, information disclosure\nand/or denial of service via local access. (CVE-2017-5734)\n\nA missing check leads to an out-of-bounds read and write flaw in\nNetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A\nremote attacker who controls the DNS server used by the vulnerable\nfirmware may use this flaw to make the system crash. (CVE-2018-3613)\n\nimproper DNS packet size check (CVE-2018-12178)\n\nPrivilege escalation via heap-based buffer overflow in Decode()\nfunction (CVE-2017-5735)\n\nPrivilege escalation via heap-based buffer overflow in MakeTable()\nfunction (CVE-2017-5733)\n\nPrivilege escalation via processing of malformed files in\nTianoCompress.c (CVE-2017-5731)\n\nPrivilege escalation via processing of malformed files in\nBaseUefiDecompressLib.c (CVE-2017-5732)\n\nA stack-based buffer overflow was discovered in edk2 when the HII\ndatabase contains a Bitmap that claims to be 4-bit or 8-bit per pixel,\nbut the palette contains more than 16(2^4) or 256(2^8) colors.\n(CVE-2018-12181)\n\nBuffer overflow in BlockIo service for EDK II may allow an\nunauthenticated user to potentially enable escalation of privilege,\ninformation disclosure and/or denial of service via network access.\n(CVE-2018-12180)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1273.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update edk2' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12180\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:edk2-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:edk2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:edk2-ovmf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:edk2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:edk2-tools-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:edk2-tools-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"edk2-aarch64-20190308stable-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"edk2-debuginfo-20190308stable-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"edk2-ovmf-20190308stable-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"edk2-tools-20190308stable-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"edk2-tools-doc-20190308stable-1.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"edk2-tools-python-20190308stable-1.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"edk2-aarch64 / edk2-debuginfo / edk2-ovmf / edk2-tools / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T02:22:32", "description": "Use YYYYMMDD versioning to fix upgrade path\n\n----\n\n - Update to stable-201903\n\n - Update to openssl-1.1.0j\n\n - Move to python3 deps\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-02T00:00:00", "title": "Fedora 30 : edk2 (2019-3b96bb5186)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2017-5733", "CVE-2017-5735", "CVE-2017-5731", "CVE-2018-3613", "CVE-2017-5732", "CVE-2018-12181", "CVE-2018-3630", "CVE-2017-5734"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:edk2", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-3B96BB5186.NASL", "href": "https://www.tenable.com/plugins/nessus/124486", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-3b96bb5186.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124486);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2017-5731\", \"CVE-2017-5732\", \"CVE-2017-5733\", \"CVE-2017-5734\", \"CVE-2017-5735\", \"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-12181\", \"CVE-2018-3613\", \"CVE-2018-3630\");\n script_xref(name:\"FEDORA\", value:\"2019-3b96bb5186\");\n\n script_name(english:\"Fedora 30 : edk2 (2019-3b96bb5186)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Use YYYYMMDD versioning to fix upgrade path\n\n----\n\n - Update to stable-201903\n\n - Update to openssl-1.1.0j\n\n - Move to python3 deps\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-3b96bb5186\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected edk2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12180\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:edk2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"edk2-20190308stable-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"edk2\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-03-14T17:09:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2018-3630"], "description": "The remote host is missing an update for the ", "modified": "2020-03-13T00:00:00", "published": "2019-04-03T00:00:00", "id": "OPENVAS:1361412562310852365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852365", "type": "openvas", "title": "openSUSE: Security Advisory for ovmf (openSUSE-SU-2019:1083-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852365\");\n script_version(\"2020-03-13T07:50:12+0000\");\n script_cve_id(\"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-3630\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:50:12 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-03 06:41:36 +0000 (Wed, 03 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for ovmf (openSUSE-SU-2019:1083-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1083-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ovmf'\n package(s) announced via the openSUSE-SU-2019:1083-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ovmf fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could\n lead to memory read/write overrun (bsc#1127820).\n\n - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\n packet (bsc#1127821).\n\n - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a\n local attacker to bypass the chain of trust checks (bsc#1127822).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1083=1\");\n\n script_tag(name:\"affected\", value:\"'ovmf' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ovmf\", rpm:\"ovmf~2017+git1510945757.b2662641d5~lp150.4.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ovmf-tools\", rpm:\"ovmf-tools~2017+git1510945757.b2662641d5~lp150.4.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-ia32\", rpm:\"qemu-ovmf-ia32~2017+git1510945757.b2662641d5~lp150.4.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-x86-64\", rpm:\"qemu-ovmf-x86-64~2017+git1510945757.b2662641d5~lp150.4.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-x86-64-debug\", rpm:\"qemu-ovmf-x86-64-debug~2017+git1510945757.b2662641d5~lp150.4.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T17:08:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2018-3630"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-03-21T00:00:00", "id": "OPENVAS:1361412562310852350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852350", "type": "openvas", "title": "openSUSE: Security Advisory for ovmf (openSUSE-SU-2019:0348-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852350\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-3630\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-21 09:51:09 +0100 (Thu, 21 Mar 2019)\");\n script_name(\"openSUSE: Security Advisory for ovmf (openSUSE-SU-2019:0348-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:0348-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-03/msg00029.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ovmf'\n package(s) announced via the openSUSE-SU-2019:0348-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ovmf fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could\n lead to memory read/write overrun (bsc#1127820).\n\n - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\n packet (bsc#1127821).\n\n - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a\n local attacker to bypass the chain of trust checks (bsc#1127822).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-348=1\");\n\n script_tag(name:\"affected\", value:\"ovmf on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"ovmf\", rpm:\"ovmf~2017+git1492060560.b6d11d7c46~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ovmf-tools\", rpm:\"ovmf-tools~2017+git1492060560.b6d11d7c46~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-x86_64-debug\", rpm:\"qemu-ovmf-x86_64-debug~2017+git1492060560.b6d11d7c46~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-ia32\", rpm:\"qemu-ovmf-ia32~2017+git1492060560.b6d11d7c46~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"qemu-ovmf-x86_64\", rpm:\"qemu-ovmf-x86_64~2017+git1492060560.b6d11d7c46~16.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2017-5733", "CVE-2017-5735", "CVE-2017-5731", "CVE-2018-3613", "CVE-2017-5732", "CVE-2018-12181", "CVE-2018-3630", "CVE-2017-5734"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876263", "type": "openvas", "title": "Fedora Update for edk2 FEDORA-2019-bff1cbaba3", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876263\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2017-5731\", \"CVE-2017-5732\", \"CVE-2017-5733\", \"CVE-2017-5734\", \"CVE-2017-5735\", \"CVE-2018-12178\", \"CVE-2018-12180\", \"CVE-2018-12181\", \"CVE-2018-3613\", \"CVE-2018-3630\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:41:16 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for edk2 FEDORA-2019-bff1cbaba3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-bff1cbaba3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'edk2'\n package(s) announced via the FEDORA-2019-bff1cbaba3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"EDK II is a development code base for creating UEFI drivers, applications\nand firmware images.\");\n\n script_tag(name:\"affected\", value:\"'edk2' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"edk2\", rpm:\"edk2~20190308stable~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2019-03-20T00:22:15", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2018-3630"], "description": "This update for ovmf fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could\n lead to memory read/write overrun (bsc#1127820).\n - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\n packet (bsc#1127821).\n - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a\n local attacker to bypass the chain of trust checks (bsc#1127822).\n\n This update was imported from the SUSE:SLE-12-SP3:Update update project.\n\n", "edition": 1, "modified": "2019-03-19T21:11:07", "published": "2019-03-19T21:11:07", "id": "OPENSUSE-SU-2019:0348-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00029.html", "title": "Security update for ovmf (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-03-30T14:56:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2018-3630"], "description": "This update for ovmf fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could\n lead to memory read/write overrun (bsc#1127820).\n - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS\n packet (bsc#1127821).\n - CVE-2018-3630: Fixed a logic error in FV parsing which could allow a\n local attacker to bypass the chain of trust checks (bsc#1127822).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2019-03-30T12:19:31", "published": "2019-03-30T12:19:31", "id": "OPENSUSE-SU-2019:1083-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html", "title": "Security update for ovmf (important)", "type": "suse", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5731", "CVE-2017-5732", "CVE-2017-5733", "CVE-2017-5734", "CVE-2017-5735", "CVE-2018-12178", "CVE-2018-12180", "CVE-2018-12181", "CVE-2018-3613", "CVE-2018-3630"], "description": "EDK II is a development code base for creating UEFI drivers, applications and firmware images. ", "modified": "2019-03-31T00:05:59", "published": "2019-03-31T00:05:59", "id": "FEDORA:D7BF66075F0D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: edk2-20190308stable-1.fc30", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5731", "CVE-2017-5732", "CVE-2017-5733", "CVE-2017-5734", "CVE-2017-5735", "CVE-2018-12178", "CVE-2018-12180", "CVE-2018-12181", "CVE-2018-3613", "CVE-2018-3630"], "description": "EDK II is a development code base for creating UEFI drivers, applications and firmware images. ", "modified": "2019-04-03T03:31:40", "published": "2019-04-03T03:31:40", "id": "FEDORA:2A27260769EB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: edk2-20190308stable-1.fc29", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:13", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12178", "CVE-2018-12180", "CVE-2017-5733", "CVE-2017-5735", "CVE-2017-5731", "CVE-2018-3613", "CVE-2017-5732", "CVE-2018-12181", "CVE-2018-3630", "CVE-2017-5734"], "description": "**Issue Overview:**\n\nLogic error in FV parsing in MdeModulePkg\\Core\\Pei\\FwVol\\FwVol.c ([CVE-2018-3630 __](<https://access.redhat.com/security/cve/CVE-2018-3630>))\n\nLogic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. ([CVE-2017-5734 __](<https://access.redhat.com/security/cve/CVE-2017-5734>))\n\nA missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash. ([CVE-2018-3613 __](<https://access.redhat.com/security/cve/CVE-2018-3613>))\n\nimproper DNS packet size check ([CVE-2018-12178 __](<https://access.redhat.com/security/cve/CVE-2018-12178>)) \n \nPrivilege escalation via heap-based buffer overflow in Decode() function ([CVE-2017-5735 __](<https://access.redhat.com/security/cve/CVE-2017-5735>)) \n \nPrivilege escalation via heap-based buffer overflow in MakeTable() function ([CVE-2017-5733 __](<https://access.redhat.com/security/cve/CVE-2017-5733>))\n\nPrivilege escalation via processing of malformed files in TianoCompress.c ([CVE-2017-5731 __](<https://access.redhat.com/security/cve/CVE-2017-5731>))\n\nPrivilege escalation via processing of malformed files in BaseUefiDecompressLib.c ([CVE-2017-5732 __](<https://access.redhat.com/security/cve/CVE-2017-5732>))\n\nA stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16(2^4) or 256(2^8) colors. ([CVE-2018-12181 __](<https://access.redhat.com/security/cve/CVE-2018-12181>))\n\nBuffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. ([CVE-2018-12180 __](<https://access.redhat.com/security/cve/CVE-2018-12180>))\n\n \n**Affected Packages:** \n\n\nedk2\n\n \n**Issue Correction:** \nRun _yum update edk2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n edk2-tools-20190308stable-1.amzn2.0.1.aarch64 \n edk2-debuginfo-20190308stable-1.amzn2.0.1.aarch64 \n \n noarch: \n edk2-tools-python-20190308stable-1.amzn2.0.1.noarch \n edk2-tools-doc-20190308stable-1.amzn2.0.1.noarch \n edk2-aarch64-20190308stable-1.amzn2.0.1.noarch \n edk2-ovmf-20190308stable-1.amzn2.0.1.noarch \n \n src: \n edk2-20190308stable-1.amzn2.0.1.src \n \n x86_64: \n edk2-tools-20190308stable-1.amzn2.0.1.x86_64 \n edk2-debuginfo-20190308stable-1.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2019-08-23T03:26:00", "published": "2019-08-23T03:26:00", "id": "ALAS2-2019-1273", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1273.html", "title": "Important: edk2", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-09-13T20:50:58", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12178", "CVE-2017-5753", "CVE-2018-12180", "CVE-2017-5733", "CVE-2017-5735", "CVE-2017-5731", "CVE-2017-5715", "CVE-2017-5732", "CVE-2018-12181", "CVE-2018-3630", "CVE-2017-5734"], "description": "[1:1.2-5.el7]\n- Update spec file to remove 'modprobe kvm-intel' and remove --enable-kvm arg to ovmf_vars_generator so qemu will not require kvm kernel module. (Aaron Young) \n- Update spec file to modprobe kvm_intel module prior to running qemu to enroll default keys. (Aaron Young) \n- Enroll Oracle cert/key for OL secureboot support. (Aaron Young)\n[1:1.2-2.el7]\n- Change Image.c image load error to DEBUG_WARN from DEBUG_ERROR since it is normal for some images to fail to load if the associated hardware is not present. Such is the case with Ramfb. (Aaron Young) [Orabug: 28868674]\n- Fix AAVMF build. Pull in OpenSSL code (as is done for x86_64) (Aaron Young) \n- Update AAVMF change log for version 1.2 (Aaron Young)\n[1:1.2-1.el7]\n- Update spec files and OVMF change log to version 1.2", "edition": 1, "modified": "2019-09-13T00:00:00", "published": "2019-09-13T00:00:00", "id": "ELSA-2019-4785", "href": "http://linux.oracle.com/errata/ELSA-2019-4785.html", "title": "edk2 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-06-07T02:47:14", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12178", "CVE-2017-5753", "CVE-2018-12180", "CVE-2017-5733", "CVE-2017-5735", "CVE-2017-5731", "CVE-2017-5715", "CVE-2017-5732", "CVE-2018-12181", "CVE-2018-3630", "CVE-2017-5734"], "description": "[1:1.2-5.el7]\n- Update spec file to remove 'modprobe kvm-intel' and remove --enable-kvm arg to ovmf_vars_generator so qemu will not require kvm kernel module. (Aaron Young) \n- Update spec file to modprobe kvm_intel module prior to running qemu to enroll default keys. (Aaron Young) \n- Enroll Oracle cert/key for OL secureboot support. (Aaron Young)\n[1:1.2-2.el7]\n- Change Image.c image load error to DEBUG_WARN from DEBUG_ERROR since it is normal for some images to fail to load if the associated hardware is not present. Such is the case with Ramfb. (Aaron Young) [Orabug: 28868674]\n- Fix AAVMF build. Pull in OpenSSL code (as is done for x86_64) (Aaron Young) \n- Update AAVMF change log for version 1.2 (Aaron Young)\n[1:1.2-1.el7]\n- Update spec files and OVMF change log to version 1.2", "edition": 1, "modified": "2019-06-06T00:00:00", "published": "2019-06-06T00:00:00", "id": "ELSA-2019-4668", "href": "http://linux.oracle.com/errata/ELSA-2019-4668.html", "title": "edk2 security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-30T02:46:53", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12178", "CVE-2017-5753", "CVE-2018-12180", "CVE-2017-5733", "CVE-2017-5735", "CVE-2018-12182", "CVE-2017-5731", "CVE-2019-14553", "CVE-2017-5715", "CVE-2019-13224", "CVE-2017-5732", "CVE-2019-13225", "CVE-2018-12181", "CVE-2018-3630", "CVE-2017-5734"], "description": "[1:1.3.2-1.el7]\n- Updates for OVMF/AAVMF Version 1.3.2 including:\n* Fri Jul 31 2020 Aaron Young \n- Create new 1.3.2 release for OL7\n* Fri May 01 2020 Aaron Young \n- Create new 1.3.1 release for OL7\n* Wed Feb 05 2020 Aaron Young \n- Create new 1.3 release for OL7 which includes the following fixed CVEs:\n {CVE-2018-12182} {CVE-2019-13224} {CVE-2019-13225} {CVE-2019-14553}\n* Fri May 17 2019 Aaron Young \n- Create new 1.2 release for OL7 which includes the following fixed CVEs:\n {CVE-2017-5715} {CVE-2017-5731} {CVE-2017-5732} {CVE-2017-5733} {CVE-2017-5734} {CVE-2017-5735} {CVE-2017-5753} {CVE-2018-12178} {CVE-2018-12180} {CVE-2018-12181} {CVE-2018-3630}", "edition": 2, "modified": "2020-09-29T00:00:00", "published": "2020-09-29T00:00:00", "id": "ELSA-2020-5861", "href": "http://linux.oracle.com/errata/ELSA-2020-5861.html", "title": "edk2 security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
