[SECURITY] Fedora 25 Update: botan-1.10.17-1.fc25

2017-10-25T21:22:27

Description

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library.

Affected Package

OS	OS Version	Package Name	Package Version
Fedora	25	botan	1.10.17

{"id": "FEDORA:A85616020BE8", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 25 Update: botan-1.10.17-1.fc25", "description": "Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \\#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. ", "published": "2017-10-25T21:22:27", "modified": "2017-10-25T21:22:27", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Z6J5PGUO5YWVFSIHSY4LRPKFPIJ6RQKC/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2017-14737", "CVE-2017-2801"], "immutableFields": [], "lastseen": "2020-12-21T08:17:54", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-201710-17"]}, {"type": "cve", "idList": ["CVE-2017-14737", "CVE-2017-2801"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1125-1:104D8", "DEBIAN:DLA-2812-1:87162", "DEBIAN:DLA-915-1:F3136", "DEBIAN:DSA-3939-1:E84F1"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-14737", "DEBIANCVE:CVE-2017-2801"]}, {"type": "fedora", "idList": ["FEDORA:1B6746076005", "FEDORA:3FD4060FA1C4", "FEDORA:921656077DD6"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1125.NASL", "DEBIAN_DLA-2812.NASL", "DEBIAN_DLA-915.NASL", "DEBIAN_DSA-3939.NASL", "FEDORA_2017-523F6A613D.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703939", "OPENVAS:1361412562310873541", "OPENVAS:1361412562310873547", "OPENVAS:1361412562310890915", "OPENVAS:1361412562310891125"]}, {"type": "seebug", "idList": ["SSV:96525"]}, {"type": "talos", "idList": ["TALOS-2017-0294"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-14737", "UB:CVE-2017-2801"]}], "rev": 4}, "score": {"value": 5.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "archlinux", "idList": ["ASA-201710-17"]}, {"type": "cve", "idList": ["CVE-2017-14737", "CVE-2017-2801"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1125-1:104D8", "DEBIAN:DLA-915-1:F3136", "DEBIAN:DSA-3939-1:E84F1"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-14737", "DEBIANCVE:CVE-2017-2801"]}, {"type": "fedora", "idList": ["FEDORA:1B6746076005", "FEDORA:3FD4060FA1C4", "FEDORA:921656077DD6"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-915.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703939"]}, {"type": "seebug", "idList": ["SSV:96525"]}, {"type": "talos", "idList": ["TALOS-2017-0294"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-14737", "UB:CVE-2017-2801"]}]}, "exploitation": null, "vulnersScore": 5.6}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "25", "arch": "any", "packageName": "botan", "packageVersion": "1.10.17", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \\#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-10-25T23:16:12", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: botan-1.10.17-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737", "CVE-2017-2801"], "modified": "2017-10-25T23:16:12", "id": "FEDORA:3FD4060FA1C4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RPHA5S6ZQM46XJ2CGDEETO6U6I6M5NEG/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \\#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-11T03:22:45", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: botan-1.10.17-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737"], "modified": "2017-11-11T03:22:45", "id": "FEDORA:1B6746076005", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FWZEOWVGKLXS2O4L33XZP7JNV4AHQRCT/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \\#10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API reference, tutorial, and examples may help impart the flavor of the library. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-11-11T13:40:51", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: botan-1.10.17-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737"], "modified": "2017-11-11T13:40:51", "id": "FEDORA:921656077DD6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FWZEOWVGKLXS2O4L33XZP7JNV4AHQRCT/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:34:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-27T00:00:00", "type": "openvas", "title": "Fedora Update for botan FEDORA-2017-d4248ba346", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2801", "CVE-2017-14737"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873541", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873541", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_d4248ba346_botan_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for botan FEDORA-2017-d4248ba346\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873541\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-27 20:54:34 +0200 (Fri, 27 Oct 2017)\");\n script_cve_id(\"CVE-2017-14737\", \"CVE-2017-2801\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for botan FEDORA-2017-d4248ba346\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'botan'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"botan on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-d4248ba346\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RPHA5S6ZQM46XJ2CGDEETO6U6I6M5NEG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"botan\", rpm:\"botan~1.10.17~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-10-27T00:00:00", "type": "openvas", "title": "Fedora Update for botan FEDORA-2017-7e5ac0896e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2801", "CVE-2017-14737"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873547", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873547", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_7e5ac0896e_botan_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for botan FEDORA-2017-7e5ac0896e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873547\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-27 20:55:23 +0200 (Fri, 27 Oct 2017)\");\n script_cve_id(\"CVE-2017-14737\", \"CVE-2017-2801\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for botan FEDORA-2017-7e5ac0896e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'botan'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"botan on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-7e5ac0896e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6J5PGUO5YWVFSIHSY4LRPKFPIJ6RQKC\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"botan\", rpm:\"botan~1.10.17~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:09:20", "description": "CVE-2017-14737\nFix of cache-based side channel attack, which could recover\ninformation about RSA secret keys.", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for botan1.10 (DLA-1125-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14737"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891125", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891125\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-14737\");\n script_name(\"Debian LTS: Security Advisory for botan1.10 (DLA-1125-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00005.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"botan1.10 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.10.5-1+deb7u4.\n\nWe recommend that you upgrade your botan1.10 packages.\");\n\n script_tag(name:\"summary\", value:\"CVE-2017-14737\nFix of cache-based side channel attack, which could recover\ninformation about RSA secret keys.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"botan1.10-dbg\", ver:\"1.10.5-1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbotan-1.10-0\", ver:\"1.10.5-1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbotan1.10-dev\", ver:\"1.10.5-1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:03", "description": "Aleksandar Nikolic discovered that an error in the x509 parser of the\nBotan crypto library could result in an out-of-bounds memory read,\nresulting in denial of service or an information leak if processing\na malformed certificate.", "cvss3": {}, "published": "2017-08-12T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3939-1 (botan1.10 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2801"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703939", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703939", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3939.nasl 14275 2019-03-18 14:39:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3939-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703939\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2017-2801\");\n script_name(\"Debian Security Advisory DSA 3939-1 (botan1.10 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-12 00:00:00 +0200 (Sat, 12 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3939.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"botan1.10 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 1.10.8-2+deb8u2.\n\nFor the stable distribution (stretch), this problem has been fixed\nprior to the initial release.\n\nWe recommend that you upgrade your botan1.10 packages.\");\n script_tag(name:\"summary\", value:\"Aleksandar Nikolic discovered that an error in the x509 parser of the\nBotan crypto library could result in an out-of-bounds memory read,\nresulting in denial of service or an information leak if processing\na malformed certificate.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"botan1.10-dbg\", ver:\"1.10.8-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbotan-1.10-0\", ver:\"1.10.8-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbotan1.10-dev\", ver:\"1.10.8-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:24", "description": "A bug in X509 DN string comparisons could result in out of bound reads. This could result in information leakage, denial of service, or potentially incorrect certificate validation results.", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for botan1.10 (DLA-915-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2801"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310890915", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310890915", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.890915\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-2801\");\n script_name(\"Debian LTS: Security Advisory for botan1.10 (DLA-915-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 00:00:00 +0100 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00034.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"botan1.10 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version 1.10.5-1+deb7u3.\nWe recommend that you upgrade your botan1.10 packages.\");\n\n script_tag(name:\"summary\", value:\"A bug in X509 DN string comparisons could result in out of bound reads. This could result in information leakage, denial of service, or potentially incorrect certificate validation results.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"botan1.10-dbg\", ver:\"1.10.5-1+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbotan-1.10-0\", ver:\"1.10.5-1+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbotan1.10-dev\", ver:\"1.10.5-1+deb7u3\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-01-06T03:13:43", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2812-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Anton Gladky\nNovember 08, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : botan1.10\nVersion : 1.10.17-1+deb9u1\nCVE ID : CVE-2017-14737\n\nOne security issue has been discovered in botan1.10: a C++ cryptography\nlibrary.\n\n\nAn attacker of a local or a cross-VM may be able to recover bits of\nsecret exponents as used in RSA, DH, etc. with help of cache analysis.\nhttps://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai\n\nFor Debian 9 stretch, this problem has been fixed in version\n1.10.17-1+deb9u1.\n\nWe recommend that you upgrade your botan1.10 packages.\n\nFor the detailed security status of botan1.10 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/botan1.10\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-11-08T21:26:23", "type": "debian", "title": "[SECURITY] [DLA 2812-1] botan1.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737"], "modified": "2021-11-08T21:26:23", "id": "DEBIAN:DLA-2812-1:87162", "href": "https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-05T16:00:31", "description": "Package : botan1.10\nVersion : 1.10.5-1+deb7u4\nCVE ID : CVE-2017-14737\n\n\nCVE-2017-14737\n Fix of cache-based side channel attack, which could recover\n information about RSA secret keys.\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.10.5-1+deb7u4.\n\nWe recommend that you upgrade your botan1.10 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-06T21:15:39", "type": "debian", "title": "[SECURITY] [DLA 1125-1] botan1.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737"], "modified": "2017-10-06T21:15:39", "id": "DEBIAN:DLA-1125-1:104D8", "href": "https://lists.debian.org/debian-lts-announce/2017/10/msg00005.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-21T21:57:08", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3939-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nAugust 12, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : botan1.10\nCVE ID : CVE-2017-2801\n\nAleksandar Nikolic discovered that an error in the x509 parser of the\nBotan crypto library could result in an out-of-bounds memory read,\nresulting in denial of service or an information leak if processing\na malformed certificate.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.10.8-2+deb8u2.\n\nFor the stable distribution (stretch), this problem has been fixed\nprior to the initial release.\n\nWe recommend that you upgrade your botan1.10 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-08-12T18:35:05", "type": "debian", "title": "[SECURITY] [DSA 3939-1] botan1.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2801"], "modified": "2017-08-12T18:35:05", "id": "DEBIAN:DSA-3939-1:E84F1", "href": "https://lists.debian.org/debian-security-announce/2017/msg00200.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T13:38:30", "description": "Package : botan1.10\nVersion : 1.10.5-1+deb7u3\nCVE ID : CVE-2017-2801\nDebian Bug : 860072\n\n\nA bug in X509 DN string comparisons could result in out of bound reads. \nThis could result in information leakage, denial of service, or \npotentially incorrect certificate validation results.\n\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.10.5-1+deb7u3.\n\nWe recommend that you upgrade your botan1.10 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-25T19:42:21", "type": "debian", "title": "[SECURITY] [DLA 915-1] botan1.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2801"], "modified": "2017-04-25T19:42:21", "id": "DEBIAN:DLA-915-1:F3136", "href": "https://lists.debian.org/debian-lts-announce/2017/04/msg00034.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2022-01-30T23:47:39", "description": "The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2812 advisory.\n\n - A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key. (CVE-2017-14737)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-11-10T00:00:00", "type": "nessus", "title": "Debian DLA-2812-1 : botan1.10 - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14737"], "modified": "2021-11-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:botan1.10-dbg", "p-cpe:/a:debian:debian_linux:libbotan-1.10-1", "p-cpe:/a:debian:debian_linux:libbotan1.10-dev", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2812.NASL", "href": "https://www.tenable.com/plugins/nessus/155013", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-2812. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155013);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/10\");\n\n script_cve_id(\"CVE-2017-14737\");\n\n script_name(english:\"Debian DLA-2812-1 : botan1.10 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2812\nadvisory.\n\n - A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and\n 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by\n CacheD. This occurs because an array is indexed with bits derived from a secret key. (CVE-2017-14737)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/botan1.10\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2021/dla-2812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2017-14737\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/stretch/botan1.10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the botan1.10 packages.\n\nFor Debian 9 stretch, this problem has been fixed in version 1.10.17-1+deb9u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-14737\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:botan1.10-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbotan-1.10-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbotan1.10-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(9)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '9.0', 'prefix': 'botan1.10-dbg', 'reference': '1.10.17-1+deb9u1'},\n {'release': '9.0', 'prefix': 'libbotan-1.10-1', 'reference': '1.10.17-1+deb9u1'},\n {'release': '9.0', 'prefix': 'libbotan1.10-dev', 'reference': '1.10.17-1+deb9u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'botan1.10-dbg / libbotan-1.10-1 / libbotan1.10-dev');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:34:18", "description": "#### Version 1.10.17, 2017-10-02 ####\n\n - Address a side channel affecting modular exponentiation.\n An attacker capable of a local or cross-VM cache analysis attack may be able to recover bits of secret exponents as used in RSA, DH, etc. (CVE-2017-14737)\n\n - Workaround a miscompilation bug in GCC 7 on x86-32 affecting GOST-34.11 hash function. [GH #1192](https://github.com/randombit/botan/issues/1192) [GH #1148](https://github.com/randombit/botan/issues/1148) [GH #882](https://github.com/randombit/botan/issues/882)\n\n - Add SecureVector::data() function which returns the start of the buffer. This makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase.\n\n - When compiled by a C++11 (or later) compiler, a template typedef of SecureVector, secure_vector, is added. In 2.x this class is a std::vector with a custom allocator, so has a somewhat different interface than SecureVector in 1.10. But this makes it slightly simpler to support both 1.10 and 2.x APIs in the same codebase.\n\n - Fix a bug that prevented `configure.py` from running under Python3\n\n - Botan 1.10.x does not support the OpenSSL 1.1 API. Now the build will #error if OpenSSL 1.1 is detected. Avoid –with-openssl if compiling against 1.1 or later.\n [GH #753](https://github.com/randombit/botan/issues/753)\n\n - Import patches from Debian adding basic support for building on aarch64, ppc64le, or1k, and mipsn32 platforms.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : botan (2017-523f6a613d)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14737"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:botan", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2017-523F6A613D.NASL", "href": "https://www.tenable.com/plugins/nessus/105878", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-523f6a613d.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105878);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-14737\");\n script_xref(name:\"FEDORA\", value:\"2017-523f6a613d\");\n\n script_name(english:\"Fedora 27 : botan (2017-523f6a613d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"#### Version 1.10.17, 2017-10-02 ####\n\n - Address a side channel affecting modular exponentiation.\n An attacker capable of a local or cross-VM cache\n analysis attack may be able to recover bits of secret\n exponents as used in RSA, DH, etc. (CVE-2017-14737)\n\n - Workaround a miscompilation bug in GCC 7 on x86-32\n affecting GOST-34.11 hash function. [GH\n #1192](https://github.com/randombit/botan/issues/1192)\n [GH\n #1148](https://github.com/randombit/botan/issues/1148)\n [GH #882](https://github.com/randombit/botan/issues/882)\n\n - Add SecureVector::data() function which returns the\n start of the buffer. This makes it slightly simpler to\n support both 1.10 and 2.x APIs in the same codebase.\n\n - When compiled by a C++11 (or later) compiler, a template\n typedef of SecureVector, secure_vector, is added. In 2.x\n this class is a std::vector with a custom allocator, so\n has a somewhat different interface than SecureVector in\n 1.10. But this makes it slightly simpler to support both\n 1.10 and 2.x APIs in the same codebase.\n\n - Fix a bug that prevented `configure.py` from running\n under Python3\n\n - Botan 1.10.x does not support the OpenSSL 1.1 API. Now\n the build will #error if OpenSSL 1.1 is detected. Avoid\n –with-openssl if compiling against 1.1 or later.\n [GH #753](https://github.com/randombit/botan/issues/753)\n\n - Import patches from Debian adding basic support for\n building on aarch64, ppc64le, or1k, and mipsn32\n platforms.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-523f6a613d\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/randombit/botan/issues/1148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/randombit/botan/issues/1192\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected botan package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:botan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"botan-1.10.17-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"botan\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:34:59", "description": "CVE-2017-14737 Fix of cache-based side channel attack, which could recover information about RSA secret keys.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.10.5-1+deb7u4.\n\nWe recommend that you upgrade your botan1.10 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-10-09T00:00:00", "type": "nessus", "title": "Debian DLA-1125-1 : botan1.10 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-14737"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:botan1.10-dbg", "p-cpe:/a:debian:debian_linux:libbotan-1.10-0", "p-cpe:/a:debian:debian_linux:libbotan1.10-dev", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1125.NASL", "href": "https://www.tenable.com/plugins/nessus/103710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1125-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103710);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-14737\");\n\n script_name(english:\"Debian DLA-1125-1 : botan1.10 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-14737 Fix of cache-based side channel attack, which could\nrecover information about RSA secret keys.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.10.5-1+deb7u4.\n\nWe recommend that you upgrade your botan1.10 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/10/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/botan1.10\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:botan1.10-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbotan-1.10-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbotan1.10-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"botan1.10-dbg\", reference:\"1.10.5-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbotan-1.10-0\", reference:\"1.10.5-1+deb7u4\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbotan1.10-dev\", reference:\"1.10.5-1+deb7u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-05-22T15:14:36", "description": "Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-14T00:00:00", "type": "nessus", "title": "Debian DSA-3939-1 : botan1.10 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2801"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:botan1.10", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3939.NASL", "href": "https://www.tenable.com/plugins/nessus/102446", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3939. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102446);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-2801\");\n script_xref(name:\"DSA\", value:\"3939\");\n\n script_name(english:\"Debian DSA-3939-1 : botan1.10 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Aleksandar Nikolic discovered that an error in the x509 parser of the\nBotan crypto library could result in an out-of-bounds memory read,\nresulting in denial of service or an information leak if processing a\nmalformed certificate.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/botan1.10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3939\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the botan1.10 packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.10.8-2+deb8u2.\n\nFor the stable distribution (stretch), this problem has been fixed\nprior to the initial release.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:botan1.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"botan1.10-dbg\", reference:\"1.10.8-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbotan-1.10-0\", reference:\"1.10.8-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbotan1.10-dev\", reference:\"1.10.8-2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-22T14:57:56", "description": "A bug in X509 DN string comparisons could result in out of bound reads. This could result in information leakage, denial of service, or potentially incorrect certificate validation results.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.10.5-1+deb7u3.\n\nWe recommend that you upgrade your botan1.10 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-04-26T00:00:00", "type": "nessus", "title": "Debian DLA-915-1 : botan1.10 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2801"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:botan1.10-dbg", "p-cpe:/a:debian:debian_linux:libbotan-1.10-0", "p-cpe:/a:debian:debian_linux:libbotan1.10-dev", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-915.NASL", "href": "https://www.tenable.com/plugins/nessus/99672", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-915-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99672);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-2801\");\n\n script_name(english:\"Debian DLA-915-1 : botan1.10 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A bug in X509 DN string comparisons could result in out of bound\nreads. This could result in information leakage, denial of service, or\npotentially incorrect certificate validation results.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.10.5-1+deb7u3.\n\nWe recommend that you upgrade your botan1.10 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00034.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/botan1.10\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:botan1.10-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbotan-1.10-0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbotan1.10-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"botan1.10-dbg\", reference:\"1.10.5-1+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbotan-1.10-0\", reference:\"1.10.5-1+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbotan1.10-dev\", reference:\"1.10.5-1+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-12-16T21:39:56", "description": "A cryptographic cache-based side channel in the RSA implementation in Botan\nbefore 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to\nrecover information about RSA secret keys, as demonstrated by CacheD. This\noccurs because an array is indexed with bits derived from a secret key.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-26T00:00:00", "type": "ubuntucve", "title": "CVE-2017-14737", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737"], "modified": "2017-09-26T00:00:00", "id": "UB:CVE-2017-14737", "href": "https://ubuntu.com/security/CVE-2017-14737", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-11-22T21:41:56", "description": "A programming error exists in a way Randombit Botan cryptographic library\nversion 2.0.1 implements x500 string comparisons which could lead to\ncertificate verification issues and abuse. A specially crafted X509\ncertificate would need to be delivered to the client or server application\nin order to trigger this vulnerability.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860072>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-24T00:00:00", "type": "ubuntucve", "title": "CVE-2017-2801", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2801"], "modified": "2017-05-24T00:00:00", "id": "UB:CVE-2017-2801", "href": "https://ubuntu.com/security/CVE-2017-2801", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:48:15", "description": "A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-09-26T01:29:00", "type": "cve", "title": "CVE-2017-14737", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737"], "modified": "2021-12-15T14:11:00", "cpe": ["cpe:/a:botan_project:botan:1.11.6", "cpe:/a:botan_project:botan:1.11.4", "cpe:/a:botan_project:botan:1.11.8", "cpe:/a:botan_project:botan:1.11.12", "cpe:/a:botan_project:botan:1.11.25", "cpe:/a:botan_project:botan:1.11.34", "cpe:/a:botan_project:botan:1.11.15", "cpe:/a:botan_project:botan:2.1.0", "cpe:/a:botan_project:botan:1.11.2", "cpe:/a:botan_project:botan:1.11.20", "cpe:/a:botan_project:botan:1.11.11", "cpe:/a:botan_project:botan:1.11.9", "cpe:/a:botan_project:botan:1.11.26", "cpe:/o:debian:debian_linux:9.0", "cpe:/a:botan_project:botan:2.0.1", "cpe:/a:botan_project:botan:1.11.16", "cpe:/a:botan_project:botan:1.11.13", "cpe:/a:botan_project:botan:1.11.27", "cpe:/a:botan_project:botan:1.11.14", "cpe:/a:botan_project:botan:1.11.22", "cpe:/a:botan_project:botan:1.11.10", "cpe:/a:botan_project:botan:1.10.16", "cpe:/a:botan_project:botan:1.11.18", "cpe:/a:botan_project:botan:1.11.7", "cpe:/a:botan_project:botan:1.11.17", "cpe:/a:botan_project:botan:1.11.3", "cpe:/a:botan_project:botan:2.2.0", "cpe:/a:botan_project:botan:1.11.24", "cpe:/a:botan_project:botan:1.11.19", "cpe:/a:botan_project:botan:2.0.0", "cpe:/a:botan_project:botan:1.11.33", "cpe:/a:botan_project:botan:1.11.23", "cpe:/a:botan_project:botan:1.11.21", "cpe:/a:botan_project:botan:1.11.1", "cpe:/a:botan_project:botan:1.11.5", "cpe:/a:botan_project:botan:1.11.0", "cpe:/a:botan_project:botan:1.11.28"], "id": "CVE-2017-14737", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14737", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.10.16:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-19T21:50:52", "description": "A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-24T14:29:00", "type": "cve", "title": "CVE-2017-2801", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2801"], "modified": "2022-04-19T19:15:00", "cpe": ["cpe:/a:botan_project:botan:2.0.1"], "id": "CVE-2017-2801", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2801", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2021-12-16T09:48:13", "description": "A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-09-26T01:29:00", "type": "debiancve", "title": "CVE-2017-14737", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737"], "modified": "2017-09-26T01:29:00", "id": "DEBIANCVE:CVE-2017-14737", "href": "https://security-tracker.debian.org/tracker/CVE-2017-14737", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-14T17:46:32", "description": "A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-24T14:29:00", "type": "debiancve", "title": "CVE-2017-2801", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2801"], "modified": "2017-05-24T14:29:00", "id": "DEBIANCVE:CVE-2017-2801", "href": "https://security-tracker.debian.org/tracker/CVE-2017-2801", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "In the Montgomery exponentiation code, a table of precomputed values is used. An attacker able to analyze which cache lines were accessed (perhaps via an active attack such as Prime+Probe) could recover information about the exponent (CVE-2017-14737). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2017-11-20T21:18:02", "type": "mageia", "title": "Updated botan packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737"], "modified": "2017-11-20T21:18:02", "id": "MGASA-2017-0422", "href": "https://advisories.mageia.org/MGASA-2017-0422.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate (CVE-2017-2801). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-03T14:31:33", "type": "mageia", "title": "Updated botan packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2801"], "modified": "2017-09-03T14:31:33", "id": "MGASA-2017-0327", "href": "https://advisories.mageia.org/MGASA-2017-0327.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "While decoding BER length fields, an integer overflow could occur. This could occur while parsing untrusted inputs such as X.509 certificates. The overflow does not seem to lead to any obviously exploitable condition, but exploitation cannot be positively ruled out. Only 32-bit platforms are likely affected; to cause an overflow on 64-bit the parsed data would have to be many gigabytes (CVE-2016-9132). Aleksandar Nikolic discovered that an error in the x509 parser of the Botan crypto library could result in an out-of-bounds memory read, resulting in denial of service or an information leak if processing a malformed certificate (CVE-2017-2801). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-09-01T21:10:29", "type": "mageia", "title": "Updated botan packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9132", "CVE-2017-2801"], "modified": "2017-09-01T21:10:29", "id": "MGASA-2017-0321", "href": "https://advisories.mageia.org/MGASA-2017-0321.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2021-12-16T10:45:02", "description": "Arch Linux Security Advisory ASA-201710-17\n==========================================\n\nSeverity: Medium\nDate : 2017-10-12\nCVE-ID : CVE-2017-14737\nPackage : botan\nType : information disclosure\nRemote : No\nLink : https://security.archlinux.org/AVG-416\n\nSummary\n=======\n\nThe package botan before version 2.3.0-1 is vulnerable to information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 2.3.0-1.\n\n# pacman -Syu \"botan>=2.3.0-1\"\n\nThe problem has been fixed upstream in version 2.3.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA cryptographic cache-based side channel in the RSA implementation in\nBotan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local\nattacker to recover information about RSA secret keys, as demonstrated\nby CacheD. This occurs because an array is indexed with bits derived\nfrom a secret key.\n\nImpact\n======\n\nA local attacker is able to use a cache-based side channel attack to\nrecover information about RSA secret keys.\n\nReferences\n==========\n\nhttps://github.com/randombit/botan/issues/1222\nhttps://github.com/randombit/botan/commit/95df7f155570949837e8e28e733f3d59408092da\nhttps://github.com/randombit/botan/commit/2718c02d429d024b2cd65534f7e54cab1d123348\nhttps://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai\nhttps://security.archlinux.org/CVE-2017-14737", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2017-10-12T00:00:00", "type": "archlinux", "title": "[ASA-201710-17] botan: information disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-14737"], "modified": "2017-10-12T00:00:00", "id": "ASA-201710-17", "href": "https://security.archlinux.org/ASA-201710-17", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "talos": [{"lastseen": "2022-01-26T11:53:17", "description": "### Summary\n\nA programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.\n\n### Tested Versions\n\nRandombit Botan 2.0.1\n\n### Product URLs\n\n<https://botan.randombit.net/>\n\n### CVSSv3 Score\n\n6.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\n\n### CWE\n\nCWE-125: Out-of-bounds Read\n\n### Details\n\nBotan is a C++ cryptographic library that implements the basis for practical systems that require TLS, PKIX certificate handling, password hashing or other cryptographic primitives.\n\nThere exists a programming error in code related to x509 distinguished name parsing. Namely, an x509 DN comparison function can lead to out of bounds memory access leading to unexpected results, information disclosure or potential denial of service.\n\nThe vulnerability is located in the overloaded equality comparison function `Botan::x500_name_cmp`:\n \n \n bool x500_name_cmp(const std::string& name1, const std::string& name2)\n \t {\n \t auto p1 = name1.begin();\n \t auto p2 = name2.begin();\n \n \n \t while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1; [1]\n \t while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;\n \n \n \t while(p1 != name1.end() && p2 != name2.end())\n \t\t\t{\n \t\t\tif(Charset::is_space(*p1)) [2]\n \t\t\t\t {\n \t\t\t\t if(!Charset::is_space(*p2)) [3]\n \t\t\t\t\t\treturn false;\n \n \n \t\t\t\t while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1; [4]\n \t\t\t\t while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2; [5]\n \n \n \t\t\t\t if(p1 == name1.end() && p2 == name2.end()) [6]\n \t\t\t\t\t\treturn true;\n \t\t\t\t }\n \n \n \t\t\tif(!Charset::caseless_cmp(*p1, *p2)) [7]\n \t\t\t\t return false;\n \t\t\t++p1; [8]\n \t\t\t++p2;\n \t\t\t}\n \n \n \t while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;\n \t while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;\n \n \n \t if((p1 != name1.end()) || (p2 != name2.end()))\n \t\t\treturn false;\n \t return true;\n \t }\n \n\nFirst, at [1], initiall whitespaces are skipped. Then, strings are compared byte by byte in a loop while checking for whitespace at [2]. If a space occurs in the first string [2] and the second too [3], those are again skipped at [4] and [5]. Then, at [6], if both have reached an end, `true` is returned. If not, another comparison is made at [7] and if it passes, the pointers are increased at [8].\n\nThe vulnerability lies in the way whitespaces are handeled. If we are comparing two strings which are initially the same up to a space character, we would enter while loops at [4] and [5]. Now, if one string contains a NULL byte after that space, and the other has spaces until its end, the check at [6] won\u2019t be true, because only the second string would point to its end. However, both are actually pointing at a NULL byte, which means the check at [7] will still hold true, and pointers are once again increased at [8]. Then when the loop rolls around, one of the pointers can point outside its allocated buffer, leading to unexpected behaviour.\n\nA specially crafted x509 certificate with specific x509 DN strings for subject and issuer fields can be created. Example strings that satisfy the above conditions are:\n \n \n String 1: AA\\x20\\x00AAAAAAAAAA\n String 2: AA\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\n \n\nNotice that both are the same length, begin with same characters up until space after which the first is terminated and the second has spaces till the end. Because of the way these pieces of certificate are copied from the x509 file to their memory buffers, the first string\u2019s length won\u2019t be 3, that is, it won\u2019t be terminated at the first NULL.\n\nWith careful control over X509 distinguished names contents and depending on memory layout in the target application, it could be possible to craft a certificate where equality checks could pass or fail. Also, a discrepancy between a way these malformed strings are handled in Botan and other x509 libraries could lead to other types of abuse, possibly not unlike the famed CVE-2009-2408.\n\nThe vulnerability can be triggered with the supplied example x509 certificate.\n\n### Crash Information\n\nAddress sanitizer output:\n \n \n botan/botan cert_info --ber cert1.der 2>&1| asan_symbolize -d\n =================================================================\n ==15015==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000dfa3 at pc 0x7f027ec92e85 bp 0x7ffdf452fe60 sp 0x7ffdf452fe58\n READ of size 1 at 0x60300000dfa3 thread T0\n \t\t#0 0x7f027ec92e84 in Botan::x500_name_cmp(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) botan/./src/lib/utils/parsing.cpp:232\n \t\t#1 0x7f027ec92e84 in ?? ??:0\n \t\t#2 0x7f027e269f2a in Botan::operator==(Botan::X509_DN const&, Botan::X509_DN const&) botan/./src/lib/asn1/x509_dn.cpp:153\n \t\t#3 0x7f027e269f2a in ?? ??:0\n \t\t#4 0x7f027ed8b8f4 in Botan::X509_Certificate::force_decode() botan/./src/lib/x509/x509cert.cpp:149\n \t\t#5 0x7f027ed8b8f4 in ?? ??:0\n \t\t#6 0x7f027ed85263 in Botan::X509_Object::do_decode() botan/./src/lib/x509/x509_obj.cpp:235\n \t\t#7 0x7f027ed85263 in ?? ??:0\n \t\t#8 0x7f027ed877b1 in X509_Certificate botan/./src/lib/x509/x509cert.cpp:50\n \t\t#9 0x7f027ed877b1 in ?? ??:0\n \t\t#10 0x5fcc93 in Botan_CLI::Cert_Info::go() botan/./src/cli/x509.cpp:85\n \t\t#11 0x5fcc93 in ?? ??:0\n \t\t#12 0x520ed5 in Botan_CLI::Command::run(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) botan/./src/cli/cli.h:229\n \t\t#13 0x520ed5 in ?? ??:0\n \t\t#14 0x51ca4f in main botan/./src/cli/main.cpp:60\n \t\t#15 0x51ca4f in ?? ??:0\n \t\t#16 0x7f027d16982f in __libc_start_main /build/glibc-Qz8a69/glibc-2.23/csu/../csu/libc-start.c:291\n \t\t#17 0x7f027d16982f in ?? ??:0\n \t\t#18 0x42e328 in _start ??:?\n \t\t#19 0x42e328 in ?? ??:0\n \n \n 0x60300000dfa3 is located 0 bytes to the right of 19-byte region [0x60300000df90,0x60300000dfa3)\n allocated by thread T0 here:\n \t\t#0 0x4ce458 in __interceptor_malloc ??:?\n \t\t#1 0x4ce458 in ?? ??:0\n \t\t#2 0x7f027f296e77 in operator new(unsigned long) ??:?\n \t\t#3 0x7f027f296e77 in ?? ??:0\n \t\t#4 0x7f027e272283 in std::pair<std::__decay_and_strip<Botan::OID const&>::__type, std::__decay_and_strip<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>::__type> std::make_pair<Botan::OID const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(Botan::OID const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_pair.h:281 (discriminator 4)\n \t\t#5 0x7f027e272283 in void Botan::multimap_insert<Botan::OID, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::multimap<Botan::OID, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<Botan::OID>, std::allocator<std::pair<Botan::OID const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >&, Botan::OID const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) botan/build/include/botan/internal/stl_util.h:79 (discriminator 4)\n \t\t#6 0x7f027e272283 in ?? ??:0\n \t\t#7 0x7f027e2671eb in Botan::X509_DN::get_attributes[abi:cxx11]() const botan/./src/lib/asn1/x509_dn.cpp:78 (discriminator 1)\n \t\t#8 0x7f027e2671eb in ?? ??:0\n \t\t#9 0x7f027e269d49 in Botan::operator==(Botan::X509_DN const&, Botan::X509_DN const&) botan/./src/lib/asn1/x509_dn.cpp:138 (discriminator 1)\n \t\t#10 0x7f027e269d49 in ?? ??:0\n \t\t#11 0x7f027ed8b8f4 in Botan::X509_Certificate::force_decode() botan/./src/lib/x509/x509cert.cpp:149\n \t\t#12 0x7f027ed8b8f4 in ?? ??:0\n \t\t#13 0x7f027ed85263 in Botan::X509_Object::do_decode() botan/./src/lib/x509/x509_obj.cpp:235\n \t\t#14 0x7f027ed85263 in ?? ??:0\n \t\t#15 0x7f027ed877b1 in X509_Certificate botan/./src/lib/x509/x509cert.cpp:50\n \t\t#16 0x7f027ed877b1 in ?? ??:0\n \t\t#17 0x5fcc93 in Botan_CLI::Cert_Info::go() botan/./src/cli/x509.cpp:85\n \t\t#18 0x5fcc93 in ?? ??:0\n \t\t#19 0x520ed5 in Botan_CLI::Command::run(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) botan/./src/cli/cli.h:229\n \t\t#20 0x520ed5 in ?? ??:0\n \t\t#21 0x51ca4f in main botan/./src/cli/main.cpp:60\n \t\t#22 0x51ca4f in ?? ??:0\n \t\t#23 0x7f027d16982f in __libc_start_main /build/glibc-Qz8a69/glibc-2.23/csu/../csu/libc-start.c:291\n \t\t#24 0x7f027d16982f in ?? ??:0\n \n \n SUMMARY: AddressSanitizer: heap-buffer-overflow (botan/libbotan-2.so.0+0xc38e84)\n Shadow bytes around the buggy address:\n \t0x0c067fff9ba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n \t0x0c067fff9bb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n \t0x0c067fff9bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n \t0x0c067fff9bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\n \t0x0c067fff9be0: fa fa fa fa fa fa 00 00 03 fa fa fa fd fd fd fa\n =>0x0c067fff9bf0: fa fa 00 00[03]fa fa fa fd fd fd fa fa fa 00 00\n \t0x0c067fff9c00: 00 04 fa fa fd fd fd fd fa fa 00 00 00 03 fa fa\n \t0x0c067fff9c10: fd fd fd fd fa fa 00 00 00 03 fa fa fd fd fd fd\n \t0x0c067fff9c20: fa fa 00 00 05 fa fa fa fd fd fd fa fa fa 00 00\n \t0x0c067fff9c30: 07 fa fa fa fd fd fd fa fa fa 00 00 01 fa fa fa\n \t0x0c067fff9c40: 00 00 00 fa fa fa fd fd fd fa fa fa fd fd fd fa\n Shadow byte legend (one shadow byte represents 8 application bytes):\n \tAddressable: 00\n \tPartially addressable: 01 02 03 04 05 06 07\n \tHeap left redzone: fa\n \tHeap right redzone: fb\n \tFreed heap region: fd\n \tStack left redzone: f1\n \tStack mid redzone: f2\n \tStack right redzone: f3\n \tStack partial redzone: f4\n \tStack after return: f5\n \tStack use after scope: f8\n \tGlobal redzone: f9\n \tGlobal init order: f6\n \tPoisoned by user: f7\n \tContainer overflow: fc\n \tArray cookie: ac\n \tIntra object redzone: bb\n \tASan internal: fe\n \tLeft alloca redzone: ca\n \tRight alloca redzone: cb\n ==15015==ABORTING\n \n\n### Mitigation\n\nAdding another check which tests if either string is at the end while the other is not, which would make them different, is enough to resolve this vulnerability:\n \n \n diff --git a/src/lib/utils/parsing.cpp b/src/lib/utils/parsing.cpp\n index 8fd2ccc..ce4b02f 100644\n --- a/src/lib/utils/parsing.cpp\n +++ b/src/lib/utils/parsing.cpp\n @@ -240,6 +240,11 @@ bool x500_name_cmp(const std::string& name1, const std::string& name2)\n \t\t\t\t\tif(p1 == name1.end() && p2 == name2.end())\n \t\t\t\t\t\t return true;\n + if(p1 == name1.end() || p2 == name2.end())\n + return false;\n \t\t\t\t\t}\n \n \n \t\t\t if(!Charset::caseless_cmp(*p1, *p2))\n \t\t\t\t\treturn false;\n \n\n### Timeline\n\n2017-03-16 - Vendor Disclosure \n2017-04-28 - Public Release\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-28T00:00:00", "type": "talos", "title": "Randombit Botan Library X509 Certificate Validation Bypass Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-2408", "CVE-2017-2801"], "modified": "2017-04-28T00:00:00", "id": "TALOS-2017-0294", "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0294", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T12:01:06", "description": "### Summary\r\nA programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability.\r\n\r\n### Tested Versions\r\nRandombit Botan 2.0.1\r\n\r\n### Product URLs\r\nhttps://botan.randombit.net/\r\n\r\n### CVSSv3 Score\r\n6.5 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L\r\n\r\n### CWE\r\nCWE-125: Out-of-bounds Read\r\n### Details\r\nBotan is a C++ cryptographic library that implements the basis for practical systems that require TLS, PKIX certificate handling, password hashing or other cryptographic primitives.\r\n\r\nThere exists a programming error in code related to x509 distinguished name parsing. Namely, an x509 DN comparison function can lead to out of bounds memory access leading to unexpected results, information disclosure or potential denial of service.\r\n\r\nThe vulnerability is located in the overloaded equality comparison function `Botan::x500_name_cmp`:\r\n```\r\nbool x500_name_cmp(const std::string& name1, const std::string& name2)\r\n {\r\n auto p1 = name1.begin();\r\n auto p2 = name2.begin();\r\n\r\n\r\n while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1; [1]\r\n while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;\r\n\r\n\r\n while(p1 != name1.end() && p2 != name2.end())\r\n {\r\n if(Charset::is_space(*p1)) [2]\r\n {\r\n if(!Charset::is_space(*p2)) [3]\r\n return false;\r\n\r\n\r\n while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1; [4]\r\n while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2; [5]\r\n\r\n\r\n if(p1 == name1.end() && p2 == name2.end()) [6]\r\n return true;\r\n }\r\n\r\n\r\n if(!Charset::caseless_cmp(*p1, *p2)) [7]\r\n return false;\r\n ++p1; [8]\r\n ++p2;\r\n }\r\n\r\n\r\n while((p1 != name1.end()) && Charset::is_space(*p1)) ++p1;\r\n while((p2 != name2.end()) && Charset::is_space(*p2)) ++p2;\r\n\r\n\r\n if((p1 != name1.end()) || (p2 != name2.end()))\r\n return false;\r\n return true;\r\n }\r\n ```\r\nFirst, at [1], initiall whitespaces are skipped. Then, strings are compared byte by byte in a loop while checking for whitespace at [2]. If a space occurs in the first string [2] and the second too [3], those are again skipped at [4] and [5]. Then, at [6], if both have reached an end, true is returned. If not, another comparison is made at [7] and if it passes, the pointers are increased at [8].\r\n\r\nThe vulnerability lies in the way whitespaces are handeled. If we are comparing two strings which are initially the same up to a space character, we would enter while loops at [4] and [5]. Now, if one string contains a NULL byte after that space, and the other has spaces until its end, the check at [6] won\u2019t be true, because only the second string would point to its end. However, both are actually pointing at a NULL byte, which means the check at [7] will still hold true, and pointers are once again increased at [8]. Then when the loop rolls around, one of the pointers can point outside its allocated buffer, leading to unexpected behaviour.\r\n\r\nA specially crafted x509 certificate with specific x509 DN strings for subject and issuer fields can be created. Example strings that satisfy the above conditions are:\r\n```\r\nString 1: AA\\x20\\x00AAAAAAAAAA\r\nString 2: AA\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\\x20\r\n```\r\n\r\nNotice that both are the same length, begin with same characters up until space after which the first is terminated and the second has spaces till the end. Because of the way these pieces of certificate are copied from the x509 file to their memory buffers, the first string\u2019s length won\u2019t be 3, that is, it won\u2019t be terminated at the first NULL.\r\n\r\nWith careful control over X509 distinguished names contents and depending on memory layout in the target application, it could be possible to craft a certificate where equality checks could pass or fail. Also, a discrepancy between a way these malformed strings are handled in Botan and other x509 libraries could lead to other types of abuse, possibly not unlike the famed CVE-2009-2408.\r\n\r\nThe vulnerability can be triggered with the supplied example x509 certificate.\r\n\r\n### Crash Information\r\nAddress sanitizer output:\r\n```\r\nbotan/botan cert_info --ber cert1.der 2>&1| asan_symbolize -d\r\n=================================================================\r\n==15015==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60300000dfa3 at pc 0x7f027ec92e85 bp 0x7ffdf452fe60 sp 0x7ffdf452fe58\r\nREAD of size 1 at 0x60300000dfa3 thread T0\r\n #0 0x7f027ec92e84 in Botan::x500_name_cmp(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) botan/./src/lib/utils/parsing.cpp:232\r\n #1 0x7f027ec92e84 in ?? ??:0\r\n #2 0x7f027e269f2a in Botan::operator==(Botan::X509_DN const&, Botan::X509_DN const&) botan/./src/lib/asn1/x509_dn.cpp:153\r\n #3 0x7f027e269f2a in ?? ??:0\r\n #4 0x7f027ed8b8f4 in Botan::X509_Certificate::force_decode() botan/./src/lib/x509/x509cert.cpp:149\r\n #5 0x7f027ed8b8f4 in ?? ??:0\r\n #6 0x7f027ed85263 in Botan::X509_Object::do_decode() botan/./src/lib/x509/x509_obj.cpp:235\r\n #7 0x7f027ed85263 in ?? ??:0\r\n #8 0x7f027ed877b1 in X509_Certificate botan/./src/lib/x509/x509cert.cpp:50\r\n #9 0x7f027ed877b1 in ?? ??:0\r\n #10 0x5fcc93 in Botan_CLI::Cert_Info::go() botan/./src/cli/x509.cpp:85\r\n #11 0x5fcc93 in ?? ??:0\r\n #12 0x520ed5 in Botan_CLI::Command::run(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) botan/./src/cli/cli.h:229\r\n #13 0x520ed5 in ?? ??:0\r\n #14 0x51ca4f in main botan/./src/cli/main.cpp:60\r\n #15 0x51ca4f in ?? ??:0\r\n #16 0x7f027d16982f in __libc_start_main /build/glibc-Qz8a69/glibc-2.23/csu/../csu/libc-start.c:291\r\n #17 0x7f027d16982f in ?? ??:0\r\n #18 0x42e328 in _start ??:?\r\n #19 0x42e328 in ?? ??:0\r\n\r\n\r\n0x60300000dfa3 is located 0 bytes to the right of 19-byte region [0x60300000df90,0x60300000dfa3)\r\nallocated by thread T0 here:\r\n #0 0x4ce458 in __interceptor_malloc ??:?\r\n #1 0x4ce458 in ?? ??:0\r\n #2 0x7f027f296e77 in operator new(unsigned long) ??:?\r\n #3 0x7f027f296e77 in ?? ??:0\r\n #4 0x7f027e272283 in std::pair<std::__decay_and_strip<Botan::OID const&>::__type, std::__decay_and_strip<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>::__type> std::make_pair<Botan::OID const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&>(Botan::OID const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.0/../../../../include/c++/5.4.0/bits/stl_pair.h:281 (discriminator 4)\r\n #5 0x7f027e272283 in void Botan::multimap_insert<Botan::OID, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > >(std::multimap<Botan::OID, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<Botan::OID>, std::allocator<std::pair<Botan::OID const, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > >&, Botan::OID const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) botan/build/include/botan/internal/stl_util.h:79 (discriminator 4)\r\n #6 0x7f027e272283 in ?? ??:0\r\n #7 0x7f027e2671eb in Botan::X509_DN::get_attributes[abi:cxx11]() const botan/./src/lib/asn1/x509_dn.cpp:78 (discriminator 1)\r\n #8 0x7f027e2671eb in ?? ??:0\r\n #9 0x7f027e269d49 in Botan::operator==(Botan::X509_DN const&, Botan::X509_DN const&) botan/./src/lib/asn1/x509_dn.cpp:138 (discriminator 1)\r\n #10 0x7f027e269d49 in ?? ??:0\r\n #11 0x7f027ed8b8f4 in Botan::X509_Certificate::force_decode() botan/./src/lib/x509/x509cert.cpp:149\r\n #12 0x7f027ed8b8f4 in ?? ??:0\r\n #13 0x7f027ed85263 in Botan::X509_Object::do_decode() botan/./src/lib/x509/x509_obj.cpp:235\r\n #14 0x7f027ed85263 in ?? ??:0\r\n #15 0x7f027ed877b1 in X509_Certificate botan/./src/lib/x509/x509cert.cpp:50\r\n #16 0x7f027ed877b1 in ?? ??:0\r\n #17 0x5fcc93 in Botan_CLI::Cert_Info::go() botan/./src/cli/x509.cpp:85\r\n #18 0x5fcc93 in ?? ??:0\r\n #19 0x520ed5 in Botan_CLI::Command::run(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&) botan/./src/cli/cli.h:229\r\n #20 0x520ed5 in ?? ??:0\r\n #21 0x51ca4f in main botan/./src/cli/main.cpp:60\r\n #22 0x51ca4f in ?? ??:0\r\n #23 0x7f027d16982f in __libc_start_main /build/glibc-Qz8a69/glibc-2.23/csu/../csu/libc-start.c:291\r\n #24 0x7f027d16982f in ?? ??:0\r\n\r\n\r\nSUMMARY: AddressSanitizer: heap-buffer-overflow (botan/libbotan-2.so.0+0xc38e84)\r\nShadow bytes around the buggy address:\r\n 0x0c067fff9ba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c067fff9bb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c067fff9bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c067fff9bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\r\n 0x0c067fff9be0: fa fa fa fa fa fa 00 00 03 fa fa fa fd fd fd fa\r\n=>0x0c067fff9bf0: fa fa 00 00[03]fa fa fa fd fd fd fa fa fa 00 00\r\n 0x0c067fff9c00: 00 04 fa fa fd fd fd fd fa fa 00 00 00 03 fa fa\r\n 0x0c067fff9c10: fd fd fd fd fa fa 00 00 00 03 fa fa fd fd fd fd\r\n 0x0c067fff9c20: fa fa 00 00 05 fa fa fa fd fd fd fa fa fa 00 00\r\n 0x0c067fff9c30: 07 fa fa fa fd fd fd fa fa fa 00 00 01 fa fa fa\r\n 0x0c067fff9c40: 00 00 00 fa fa fa fd fd fd fa fa fa fd fd fd fa\r\nShadow byte legend (one shadow byte represents 8 application bytes):\r\n Addressable: 00\r\n Partially addressable: 01 02 03 04 05 06 07\r\n Heap left redzone: fa\r\n Heap right redzone: fb\r\n Freed heap region: fd\r\n Stack left redzone: f1\r\n Stack mid redzone: f2\r\n Stack right redzone: f3\r\n Stack partial redzone: f4\r\n Stack after return: f5\r\n Stack use after scope: f8\r\n Global redzone: f9\r\n Global init order: f6\r\n Poisoned by user: f7\r\n Container overflow: fc\r\n Array cookie: ac\r\n Intra object redzone: bb\r\n ASan internal: fe\r\n Left alloca redzone: ca\r\n Right alloca redzone: cb\r\n==15015==ABORTING\r\n```\r\n\r\n### Mitigation\r\nAdding another check which tests if either string is at the end while the other is not, which would make them different, is enough to resolve this vulnerability:\r\n```\r\ndiff --git a/src/lib/utils/parsing.cpp b/src/lib/utils/parsing.cpp\r\nindex 8fd2ccc..ce4b02f 100644\r\n--- a/src/lib/utils/parsing.cpp\r\n+++ b/src/lib/utils/parsing.cpp\r\n@@ -240,6 +240,11 @@ bool x500_name_cmp(const std::string& name1, const std::string& name2)\r\n if(p1 == name1.end() && p2 == name2.end())\r\n return true;\r\n+ if(p1 == name1.end() || p2 == name2.end())\r\n+ return false;\r\n }\r\n\r\n\r\n if(!Charset::caseless_cmp(*p1, *p2))\r\n return false;\r\n```\r\n### Timeline\r\n* 2017-03-16 - Vendor Disclosure\r\n* 2017-04-28 - Public Release\r\n\r\n### CREDIT\r\n* Discovered by Aleksandar Nikolic of Cisco Talos.", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "seebug", "title": "Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2009-2408", "CVE-2017-2801"], "modified": "2017-09-19T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96525", "id": "SSV:96525", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}

[SECURITY] Fedora 25 Update: botan-1.10.17-1.fc25

Description

Affected Package

Related