Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALASMATE-DESKTOP1_X-2024-005.NASLHistoryJan 09, 2024 - 12:00 a.m.
Amazon Linux 2 : djvulibre (ALASMATE-DESKTOP1.X-2024-005)
2024-01-0900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
amazon linux 2
djvulibre
security update
alasmate-desktop1.x-2024-005
cve-2021-46312
denial of service
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.0%
The version of djvulibre installed on the remote host is prior to 3.5.27-30. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-005 advisory.
- An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. (CVE-2021-46312)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASMATE-DESKTOP1.X-2024-005.
##
include('compat.inc');
if (description)
{
script_id(187772);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/10");
script_cve_id("CVE-2021-46312");
script_name(english:"Amazon Linux 2 : djvulibre (ALASMATE-DESKTOP1.X-2024-005)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of djvulibre installed on the remote host is prior to 3.5.27-30. It is, therefore, affected by a
vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-005 advisory.
- An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of
service via divide by zero. (CVE-2021-46312)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASMATE-DESKTOP1.X-2024-005.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-46312.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update djvulibre' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-46312");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/22");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:djvulibre");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:djvulibre-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:djvulibre-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:djvulibre-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'djvulibre-3.5.27-30.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-3.5.27-30.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-3.5.27-30.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-debuginfo-3.5.27-30.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-debuginfo-3.5.27-30.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-debuginfo-3.5.27-30.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-devel-3.5.27-30.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-devel-3.5.27-30.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-devel-3.5.27-30.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-libs-3.5.27-30.amzn2.0.3', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-libs-3.5.27-30.amzn2.0.3', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'djvulibre-libs-3.5.27-30.amzn2.0.3', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "djvulibre / djvulibre-debuginfo / djvulibre-devel / etc");
}| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | djvulibre-devel | p-cpe:/a:amazon:linux:djvulibre-devel |
| amazon | linux | 2 | cpe:/o:amazon:linux:2 |
| amazon | linux | djvulibre-libs | p-cpe:/a:amazon:linux:djvulibre-libs |
| amazon | linux | djvulibre-debuginfo | p-cpe:/a:amazon:linux:djvulibre-debuginfo |
| amazon | linux | djvulibre | p-cpe:/a:amazon:linux:djvulibre |
Related
debiancve
debiancve
CVE-2021-46312
2023-08-22 19:16:21
cvelist
cvelist
CVE-2021-46312
2023-08-22 00:00:00
vulnrichment
vulnrichment
CVE-2021-46312
2023-08-22 00:00:00
prion
prion
Denial of service
2023-08-22 19:16:00
alpinelinux
alpinelinux
CVE-2021-46312
2023-08-22 19:16:21
nvd
nvd
CVE-2021-46312
2023-08-22 19:16:21
cve
cve
CVE-2021-46312
2023-08-22 19:16:21
ubuntucve
ubuntucve
CVE-2021-46312
2023-08-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-08-24 04:25:13
openvas
openvas
Fedora: Security Advisory for djvulibre (FEDORA-2024-d20163632f)
2024-05-27 00:00:00
openSUSE: Security Advisory for djvulibre (SUSE-SU-2023:3520-1)
2024-03-04 00:00:00
Mageia: Security Advisory (MGASA-2024-0183)
2024-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: djvulibre-3.5.28-9.fc40
2024-05-16 01:52:43
[SECURITY] Fedora 38 Update: djvulibre-3.5.28-6.fc38
2024-05-16 01:27:30
[SECURITY] Fedora 39 Update: djvulibre-3.5.28-7.fc39
2024-05-16 01:09:37
redos
redos
ROS-20230914-05
2023-09-14 00:00:00
nessus
nessus
Fedora 40 : djvulibre (2024-d20163632f)
2024-05-16 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : djvulibre (SUSE-SU-2023:3520-1)
2023-09-06 00:00:00
Fedora 38 : djvulibre (2024-e8b9bedd36)
2024-05-16 00:00:00
mageia
mageia
Updated djvulibre packages fix security vulnerabilities
2024-05-22 02:17:20
rosalinux
rosalinux
Advisory ROSA-SA-2024-2428
2024-06-03 08:20:14
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.0%
Related for AL2_ALASMATE-DESKTOP1_X-2024-005.NASL