CentOS 6 / 7 : lzo (CESA-2014:0861)

🗓️ 10 Jul 2014 00:00:00Reported by TenableType

Updated lzo packages with security fix for integer overflow (CESA-2014:0861)

Reporter	Title	Published	Views	Family All 186
IBM Security Bulletins	Security Bulletin: WebSphere Cast Iron and App Connect Professional are affected by vulnerabilities in busybox, arpwatch, apr, acpid, augeas, firefox, ctdb.	15 Dec 202107:41	–	ibm
IBM Security Bulletins	IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index	31 Jan 202100:10	–	ibm
IBM Security Bulletins	Security Bulletin: A busybox vulnerability affects IBM DataPower Gateways (CVE-2014-4607)	15 Jun 201807:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in busybox affect IBM Security Network Protection (CVE-2014-4607, and CVE-2014-9645 )	16 Jun 201821:46	–	ibm
Amazon	Medium: lzo	9 Jul 201400:00	–	amazon
Tenable Nessus	Amazon Linux AMI : lzo (ALAS-2014-373)	12 Oct 201400:00	–	nessus
Tenable Nessus	Debian DLA-2559-1 : busybox security update	16 Feb 202100:00	–	nessus
Tenable Nessus	Debian DLA-35-1 : lzo2 security update	26 Mar 201500:00	–	nessus
Tenable Nessus	Debian DSA-2995-1 : lzo2 - security update	4 Aug 201400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP2 : grub2 (EulerOS-SA-2019-1735)	22 Jul 201900:00	–	nessus

Source	Link
nessus	www.nessus.org/u
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2014:0861 and 
# CentOS Errata and Security Advisory 2014:0861 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(76429);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2014-4607");
  script_bugtraq_id(68213);
  script_xref(name:"RHSA", value:"2014:0861");

  script_name(english:"CentOS 6 / 7 : lzo (CESA-2014:0861)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated lzo packages that fix one security issue are now available for
Red Hat Enterprise Linux 6 and 7.

The Red Hat Security Response Team has rated this update as having
Moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.

LZO is a portable lossless data compression library written in ANSI C.

An integer overflow flaw was found in the way the lzo library
decompressed certain archives compressed with the LZO algorithm. An
attacker could create a specially crafted LZO-compressed input that,
when decompressed by an application using the lzo library, would cause
that application to crash or, potentially, execute arbitrary code.
(CVE-2014-4607)

Red Hat would like to thank Don A. Bailey from Lab Mouse Security for
reporting this issue.

All lzo users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to
take effect, all services linked to the lzo library must be restarted
or the system rebooted."
  );
  # https://lists.centos.org/pipermail/centos-announce/2014-July/020401.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d18f29b7"
  );
  # https://lists.centos.org/pipermail/centos-announce/2014-July/020406.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8eba3fb8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected lzo packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4607");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:lzo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:lzo-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:lzo-minilzo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x / 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-6", reference:"lzo-2.03-3.1.el6_5.1")) flag++;
if (rpm_check(release:"CentOS-6", reference:"lzo-devel-2.03-3.1.el6_5.1")) flag++;
if (rpm_check(release:"CentOS-6", reference:"lzo-minilzo-2.03-3.1.el6_5.1")) flag++;

if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"lzo-2.06-6.el7_0.2")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"lzo-devel-2.06-6.el7_0.2")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"lzo-minilzo-2.06-6.el7_0.2")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lzo / lzo-devel / lzo-minilzo");
}

04 Jan 2021 00:00Current

7High risk

Vulners AI Score7

CVSS 26.8

CVSS 3.18.8

EPSS0.11033

centos 6 centos 7 lzo library security update integer overflow cve-2014-4607 red hat enterprise linux vulnerability fix cvss score restart required.