Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2020-1551.NASLHistoryOct 27, 2020 - 12:00 a.m.
Amazon Linux 2 : zziplib (ALAS-2020-1551)
2020-10-2700:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
5.6 Medium
AI Score
Confidence
High
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1551 advisory.
- Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a … (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
(CVE-2018-17828)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1551.
##
include('compat.inc');
if (description)
{
script_id(141948);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/13");
script_cve_id("CVE-2018-17828");
script_xref(name:"ALAS", value:"2020-1551");
script_name(english:"Amazon Linux 2 : zziplib (ALAS-2020-1551)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a
vulnerability as referenced in the ALAS2-2020-1551 advisory.
- Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a
.. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.
(CVE-2018-17828)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1551.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-17828");
script_set_attribute(attribute:"solution", value:
"Run 'yum update zziplib' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17828");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/01");
script_set_attribute(attribute:"patch_publication_date", value:"2020/10/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:zziplib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:zziplib-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:zziplib-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:zziplib-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
pkgs = [
{'reference':'zziplib-0.13.62-12.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'zziplib-0.13.62-12.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'zziplib-0.13.62-12.amzn2', 'cpu':'x86_64', 'release':'AL2'},
{'reference':'zziplib-debuginfo-0.13.62-12.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'zziplib-debuginfo-0.13.62-12.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'zziplib-debuginfo-0.13.62-12.amzn2', 'cpu':'x86_64', 'release':'AL2'},
{'reference':'zziplib-devel-0.13.62-12.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'zziplib-devel-0.13.62-12.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'zziplib-devel-0.13.62-12.amzn2', 'cpu':'x86_64', 'release':'AL2'},
{'reference':'zziplib-utils-0.13.62-12.amzn2', 'cpu':'aarch64', 'release':'AL2'},
{'reference':'zziplib-utils-0.13.62-12.amzn2', 'cpu':'i686', 'release':'AL2'},
{'reference':'zziplib-utils-0.13.62-12.amzn2', 'cpu':'x86_64', 'release':'AL2'}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zziplib / zziplib-debuginfo / zziplib-devel / etc");
}| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | zziplib | p-cpe:/a:amazon:linux:zziplib |
| amazon | linux | zziplib-debuginfo | p-cpe:/a:amazon:linux:zziplib-debuginfo |
| amazon | linux | zziplib-devel | p-cpe:/a:amazon:linux:zziplib-devel |
| amazon | linux | zziplib-utils | p-cpe:/a:amazon:linux:zziplib-utils |
| amazon | linux | 2 | cpe:/o:amazon:linux:2 |
Related
oraclelinux
oraclelinux
zziplib security update
2020-05-05 00:00:00
zziplib security update
2020-04-06 00:00:00
redhat
redhat
(RHSA-2020:1178) Moderate: zziplib security update
2020-03-31 09:28:43
(RHSA-2020:1653) Moderate: zziplib security update
2020-04-28 09:01:25
centos
centos
zziplib security update
2020-04-08 20:12:32
nessus
nessus
RHEL 8 : zziplib (RHSA-2020:1653)
2020-04-28 00:00:00
Scientific Linux Security Update : zziplib on SL7.x x86_64 (20200407)
2020-04-21 00:00:00
SUSE SLED15 / SLES15 Security Update : zziplib (SUSE-SU-2018:3220-1)
2019-01-02 00:00:00
veracode
veracode
Arbitrary File Write
2018-10-02 07:40:14
almalinux
almalinux
Moderate: zziplib security update
2020-04-28 09:01:25
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:3220-1)
2021-06-09 00:00:00
openSUSE: Security Advisory for zziplib (openSUSE-SU-2018:3314-1)
2018-10-26 00:00:00
openSUSE: Security Advisory for zziplib (openSUSE-SU-2018:3446-1)
2018-10-26 00:00:00
cbl_mariner
cbl_mariner
CVE-2018-17828 affecting package zziplib for versions less than 0.13.69-8
2023-01-27 21:29:56
CVE-2018-17828 affecting package zziplib for versions less than 0.13.69-8
2023-01-27 21:29:56
prion
prion
Directory traversal
2018-10-01 08:29:00
redhatcve
redhatcve
CVE-2018-17828
2018-10-03 20:49:48
suse
suse
Security update for zziplib (moderate)
2018-10-25 18:18:12
Security update for zziplib (moderate)
2018-10-23 15:15:12
osv
osv
Moderate: zziplib security update
2020-04-28 09:01:25
CVE-2018-17828
2018-10-01 08:29:01
Moderate: zziplib security update
2020-04-28 09:01:25
ubuntucve
ubuntucve
CVE-2018-17828
2018-10-01 00:00:00
rocky
rocky
zziplib security update
2020-04-28 09:01:25
amazon
amazon
Medium: zziplib
2020-10-22 18:44:00
cve
cve
CVE-2018-17828
2018-10-01 08:29:00
debiancve
debiancve
CVE-2018-17828
2018-10-01 08:29:00
alpinelinux
alpinelinux
CVE-2018-17828
2018-10-01 08:29:00
mageia
mageia
Updated zziplib packages fix security vulnerability
2019-02-21 01:18:01