Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2024-2412.NASL
HistoryJan 09, 2024 - 12:00 a.m.

Amazon Linux 2 : ncurses (ALAS-2024-2412)

2024-01-0900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
amazon linux 2
ncurses
heap-based buffer over-read
buffer overflow
denial of service
cve-2019-17594
cve-2019-17595
cve-2020-19185
cve-2020-19186
cve-2020-19187
cve-2020-19188
cve-2020-19189
cve-2020-19190
alas2-2024-2412
remote attackers
self-reported version number

7.7 High

AI Score

Confidence

High

JSON

The version of ncurses installed on the remote host is prior to 6.0-8.20170212. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2412 advisory.

  • There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17594)

  • There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17595)

  • Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19185)

  • Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19186)

  • Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19187)

  • Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19188)

  • Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19189)

  • Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19190)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2024-2412.
##

include('compat.inc');

if (description)
{
  script_id(187824);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/10");

  script_cve_id(
    "CVE-2019-17594",
    "CVE-2019-17595",
    "CVE-2020-19185",
    "CVE-2020-19186",
    "CVE-2020-19187",
    "CVE-2020-19188",
    "CVE-2020-19189",
    "CVE-2020-19190"
  );

  script_name(english:"Amazon Linux 2 : ncurses (ALAS-2024-2412)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of ncurses installed on the remote host is prior to 6.0-8.20170212. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2024-2412 advisory.

  - There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo
    library in ncurses before 6.1-20191012. (CVE-2019-17594)

  - There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo
    library in ncurses before 6.1-20191012. (CVE-2019-17595)

  - Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows
    remote attackers to cause a denial of service via crafted command. (CVE-2020-19185)

  - Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows
    remote attackers to cause a denial of service via crafted command. (CVE-2020-19186)

  - Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows
    remote attackers to cause a denial of service via crafted command. (CVE-2020-19187)

  - Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows
    remote attackers to cause a denial of service via crafted command. (CVE-2020-19188)

  - Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1
    allows remote attackers to cause a denial of service via crafted command. (CVE-2020-19189)

  - Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote
    attackers to cause a denial of service via crafted command. (CVE-2020-19190)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2024-2412.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2019-17594.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2019-17595.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-19185.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-19186.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-19187.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-19188.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-19189.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-19190.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update ncurses' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17595");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ncurses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ncurses-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ncurses-c++-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ncurses-compat-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ncurses-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ncurses-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ncurses-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ncurses-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ncurses-term");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'ncurses-6.0-8.20170212.amzn2.1.6', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-6.0-8.20170212.amzn2.1.6', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-6.0-8.20170212.amzn2.1.6', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-base-6.0-8.20170212.amzn2.1.6', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-c++-libs-6.0-8.20170212.amzn2.1.6', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-c++-libs-6.0-8.20170212.amzn2.1.6', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-c++-libs-6.0-8.20170212.amzn2.1.6', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-compat-libs-6.0-8.20170212.amzn2.1.6', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-compat-libs-6.0-8.20170212.amzn2.1.6', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-compat-libs-6.0-8.20170212.amzn2.1.6', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-debuginfo-6.0-8.20170212.amzn2.1.6', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-debuginfo-6.0-8.20170212.amzn2.1.6', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-debuginfo-6.0-8.20170212.amzn2.1.6', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-devel-6.0-8.20170212.amzn2.1.6', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-devel-6.0-8.20170212.amzn2.1.6', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-devel-6.0-8.20170212.amzn2.1.6', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-libs-6.0-8.20170212.amzn2.1.6', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-libs-6.0-8.20170212.amzn2.1.6', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-libs-6.0-8.20170212.amzn2.1.6', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-static-6.0-8.20170212.amzn2.1.6', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-static-6.0-8.20170212.amzn2.1.6', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-static-6.0-8.20170212.amzn2.1.6', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'ncurses-term-6.0-8.20170212.amzn2.1.6', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ncurses / ncurses-base / ncurses-c++-libs / etc");
}
VendorProductVersionCPE
amazonlinuxncursesp-cpe:/a:amazon:linux:ncurses
amazonlinuxncurses-basep-cpe:/a:amazon:linux:ncurses-base
amazonlinuxncurses-c%2b%2b-libsp-cpe:/a:amazon:linux:ncurses-c%2b%2b-libs
amazonlinuxncurses-compat-libsp-cpe:/a:amazon:linux:ncurses-compat-libs
amazonlinuxncurses-debuginfop-cpe:/a:amazon:linux:ncurses-debuginfo
amazonlinuxncurses-develp-cpe:/a:amazon:linux:ncurses-devel
amazonlinuxncurses-libsp-cpe:/a:amazon:linux:ncurses-libs
amazonlinuxncurses-staticp-cpe:/a:amazon:linux:ncurses-static
amazonlinuxncurses-termp-cpe:/a:amazon:linux:ncurses-term
amazonlinux2cpe:/o:amazon:linux:2

References

Related

amazon 1
nessus 30
openvas 21
gentoo 1
suse 2
osv 14
rocky 1
redhat 26
oraclelinux 1
ibm 6
rosalinux 2
mageia 1
almalinux 1
ubuntucve 8
ubuntu 3
cve 8
redhatcve 8
prion 8
debiancve 8
debian 1
cloudfoundry 1
alpinelinux 2
veracode 2
apple 3
photon 6
ics 1
amazon
amazon
Medium: ncurses
2024-01-03 22:21:00
nessus
nessus
openSUSE Security Update : ncurses (openSUSE-2019-2551)
2019-11-25 00:00:00
RHEL 8 : ncurses (RHSA-2021:4426)
2021-11-11 00:00:00
EulerOS 2.0 SP5 : ncurses (EulerOS-SA-2019-2544)
2019-12-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2019-2544)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2020-1206)
2020-03-13 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2020-1064)
2020-01-23 00:00:00
gentoo
gentoo
ncurses: Multiple vulnerabilities
2021-01-26 00:00:00
suse
suse
Security update for ncurses (moderate)
2019-11-23 00:00:00
Security update for ncurses (moderate)
2019-11-23 00:00:00
osv
osv
Moderate: ncurses security update
2021-11-09 09:21:17
Moderate: ncurses security update
2021-11-09 09:21:17
CVE-2020-19188
2023-08-22 19:16:00
rocky
rocky
ncurses security update
2021-11-09 09:21:17
redhat
redhat
(RHSA-2021:4426) Moderate: ncurses security update
2021-11-09 09:21:17
(RHSA-2022:5840) Moderate: Migration Toolkit for Containers (MTC) 1.7.3 security and bug fix update
2022-08-02 07:38:08
(RHSA-2022:0434) Moderate: Release of OpenShift Serverless 1.20.0
2022-02-03 17:07:25
oraclelinux
oraclelinux
ncurses security update
2021-11-16 00:00:00
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is vulnerable to sensitive information exposure due to GNU ncurses (CVE-2019-17595, CVE-2019-17594)
2022-08-04 13:03:37
Security Bulletin: Order Management is subject to various OS vulnerabilites which could have allowed attacker various entry points into application.
2024-04-12 17:49:20
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for October 2023
2023-11-24 15:07:23
rosalinux
rosalinux
Advisory ROSA-SA-2024-2364
2024-03-05 08:27:01
Advisory ROSA-SA-2021-1927
2021-07-02 17:32:26
mageia
mageia
Updated ncurses packages fix security vulnerabilities
2019-12-14 03:37:02
almalinux
almalinux
Moderate: ncurses security update
2021-11-09 09:21:17
ubuntucve
ubuntucve
CVE-2020-19190
2023-08-22 00:00:00
CVE-2020-19185
2023-08-22 00:00:00
CVE-2020-19188
2023-08-22 00:00:00
ubuntu
ubuntu
ncurses vulnerability
2023-10-24 00:00:00
ncurses vulnerabilities
2023-05-23 00:00:00
ncurses vulnerabilities
2022-06-14 00:00:00
cve
cve
CVE-2020-19186
2023-08-22 19:15:00
CVE-2020-19188
2023-08-22 19:16:00
CVE-2020-19190
2023-08-22 19:16:00
redhatcve
redhatcve
CVE-2020-19189
2023-08-25 18:46:10
CVE-2020-19187
2023-08-25 18:45:50
CVE-2020-19190
2023-08-25 18:46:20
prion
prion
Buffer overflow
2023-08-22 19:16:00
Buffer overflow
2023-08-22 19:15:00
Buffer overflow
2023-08-22 19:16:00
debiancve
debiancve
CVE-2020-19190
2023-08-22 19:16:00
CVE-2020-19187
2023-08-22 19:15:00
CVE-2020-19185
2023-08-22 19:15:00
debian
debian
[SECURITY] [DLA 3586-1] ncurses security update
2023-09-28 12:30:11
cloudfoundry
cloudfoundry
USN-6099-1: ncurses vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
alpinelinux
alpinelinux
CVE-2019-17594
2019-10-14 21:15:00
CVE-2019-17595
2019-10-14 21:15:00
veracode
veracode
Buffer Overflow
2021-11-13 00:40:53
Buffer Overflow
2021-11-13 00:40:51
apple
apple
About the security content of macOS Monterey 12.7.2
2023-12-11 00:00:00
About the security content of macOS Ventura 13.6.3
2023-12-11 00:00:00
About the security content of macOS Sonoma 14.2
2023-12-11 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0281
2020-02-28 00:00:00
Critical Photon OS Security Update - PHSA-2020-0281
2020-02-28 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0190
2019-11-20 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

7.7 High

AI Score

Confidence

High

JSON
Related for AL2_ALAS-2024-2412.NASL
amazon1nessus30openvas21gentoo1suse2osv14rocky1redhat26oraclelinux1ibm6rosalinux2mageia1almalinux1ubuntucve8ubuntu3cve8redhatcve8prion8debiancve8debian1cloudfoundry1alpinelinux2veracode2apple3photon6ics1