ID DEBIAN_DLA-1078.NASL Type nessus Reporter This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2017-08-31T00:00:00
Description
In connman, a stack-based buffer overflow in 'dnsproxy.c' allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via a crafted response query string passed to the 'name'
variable.
For Debian 7 'Wheezy', these problems have been fixed in version
1.0-1.1+wheezy2.
We recommend that you upgrade your connman packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1078-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: everything inside only declares plugin metadata and
# ends with exit(0), so the package checks further down never run from here.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(102845);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # The single CVE this advisory is mapped to.
  script_cve_id("CVE-2017-12865");

  script_name(english:"Debian DLA-1078-1 : connman security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:"The remote Debian host is missing a security update.");

  # Advisory text. The literal spans several lines, so its continuation
  # lines must stay at column 0 to keep the reported text unchanged.
  script_set_attribute(attribute:"description", value:
"In connman, stack-based buffer overflow in 'dnsproxy.c' allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via a crafted response query string passed to the 'name'
variable.
For Debian 7 'Wheezy', these problems have been fixed in version
1.0-1.1+wheezy2.
We recommend that you upgrade your connman packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");

  # References: the DLA announcement first, then the Wheezy source package page.
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2017/08/msg00028.html");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/wheezy/connman");

  script_set_attribute(attribute:"solution", value:"Upgrade the affected connman, connman-dev, and connman-doc packages.");

  # Severity: CVSS v2 and v3.0 base vectors both describe a network-reachable,
  # low-complexity, unauthenticated issue. The temporal vectors carry E:U
  # (exploit unproven), which matches the two exploit attributes below.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Declared as a local check: the run-time part below works from KB items
  # about the host's packages and does not talk to connman itself.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # CPEs: the three binary packages checked below, plus the Debian 7 platform.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:connman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:connman-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:connman-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  # The fix was published one day before the plugin.
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/31");
  script_end_attributes();

  # Scheduling metadata: category, ownership and family.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  # NOTE(review): ssh_get_info.nasl is presumably what fills the Host/* KB
  # keys required here; that plugin is not shown on this page - confirm.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}
include("audit.inc");
include("debian_package.inc");
# Preconditions. Each guard audits out when its KB item is missing or empty,
# so the version comparison below is only reached with local checks enabled,
# a Debian release recorded, and a dpkg package list present in the KB.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}
# Compare each connman binary package on release 7.0 against the fixed
# version and count the hits.
# NOTE(review): deb_check() comes from debian_package.inc (not shown here);
# presumably it is truthy when the installed version is older than
# 'reference' - confirm against the include.
# This is a package-version comparison only: it does not exercise dnsproxy,
# and a connman build that dpkg does not track would presumably go unevaluated.
flag = 0;
foreach dla_pkg (make_list("connman", "connman-dev", "connman-doc"))
{
  if (deb_check(release:"7.0", prefix:dla_pkg, reference:"1.0-1.1+wheezy2")) flag++;
}

if (!flag)
{
  # No package matched: record the host as not affected.
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  # At least one package is below the fixed version. Attach the per-package
  # report text only when report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:deb_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
{"id": "DEBIAN_DLA-1078.NASL", "bulletinFamily": "scanner", "title": "Debian DLA-1078-1 : connman security update", "description": "In connman, stack-based buffer overflow in 'dnsproxy.c' allows remote\nattackers to cause a denial of service (crash) or execute arbitrary\ncode via a crafted response query string passed to the 'name'\nvariable. \n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.0-1.1+wheezy2.\n\nWe recommend that you upgrade your connman packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2017-08-31T00:00:00", "modified": "2017-08-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/102845", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2017/08/msg00028.html", "https://packages.debian.org/source/wheezy/connman"], "cvelist": ["CVE-2017-12865"], "type": "nessus", "lastseen": "2021-01-12T09:38:34", "edition": 19, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-12865"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891078", "OPENVAS:1361412562310703956"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1078-1:97896", "DEBIAN:DSA-3956-1:4A8A4"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201812-02.NASL", "DEBIAN_DSA-3956.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201812-02"]}], "modified": "2021-01-12T09:38:34", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-01-12T09:38:34", "rev": 2}, "vulnersScore": 7.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1078-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102845);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-12865\");\n\n script_name(english:\"Debian DLA-1078-1 : connman security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In connman, stack-based buffer overflow in 'dnsproxy.c' allows remote\nattackers to cause a denial of service (crash) or execute arbitrary\ncode via a crafted response query string passed to the 'name'\nvariable. 
\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.0-1.1+wheezy2.\n\nWe recommend that you upgrade your connman packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/connman\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected connman, connman-dev, and connman-doc packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:connman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:connman-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:connman-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, 
Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"connman\", reference:\"1.0-1.1+wheezy2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"connman-dev\", reference:\"1.0-1.1+wheezy2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"connman-doc\", reference:\"1.0-1.1+wheezy2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "102845", "cpe": ["p-cpe:/a:debian:debian_linux:connman-dev", "p-cpe:/a:debian:debian_linux:connman", "p-cpe:/a:debian:debian_linux:connman-doc", "cpe:/o:debian:debian_linux:7.0"], "scheme": null, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:13:22", "description": "Stack-based buffer overflow in \"dnsproxy.c\" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the \"name\" variable.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2017-08-29T16:29:00", "title": "CVE-2017-12865", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12865"], "modified": "2020-03-05T19:23:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:intel:connman:1.34"], "id": "CVE-2017-12865", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12865", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:intel:connman:1.34:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-01-29T20:11:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12865"], "description": "In connman, stack-based buffer overflow in ", "modified": "2020-01-29T00:00:00", "published": "2018-02-07T00:00:00", "id": 
"OPENVAS:1361412562310891078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891078", "type": "openvas", "title": "Debian LTS: Security Advisory for connman (DLA-1078-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891078\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-12865\");\n script_name(\"Debian LTS: Security Advisory for connman (DLA-1078-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00028.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone 
Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"connman on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.0-1.1+wheezy2.\n\nWe recommend that you upgrade your connman packages.\");\n\n script_tag(name:\"summary\", value:\"In connman, stack-based buffer overflow in 'dnsproxy.c' allows remote attackers\nto cause a denial of service (crash) or execute arbitrary code via a crafted\nresponse query string passed to the 'name' variable.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"connman\", ver:\"1.0-1.1+wheezy2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"connman-dev\", ver:\"1.0-1.1+wheezy2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"connman-doc\", ver:\"1.0-1.1+wheezy2\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12865"], "description": "Security consultants in NRI Secure Technologies discovered a stack\noverflow vulnerability in ConnMan, a network manager for embedded\ndevices. 
An attacker with control of the DNS responses to the DNS proxy\nin ConnMan might crash the service and, in same cases, remotely execute\narbitrary commands in the host running the service.", "modified": "2019-03-18T00:00:00", "published": "2017-08-27T00:00:00", "id": "OPENVAS:1361412562310703956", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703956", "type": "openvas", "title": "Debian Security Advisory DSA 3956-1 (connman - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3956.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3956-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703956\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-12865\");\n script_name(\"Debian Security Advisory DSA 3956-1 (connman - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-27 00:00:00 +0200 (Sun, 27 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3956.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9|8)\");\n script_tag(name:\"affected\", value:\"connman on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 1.21-1.2+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.33-3+deb9u1.\n\nFor the testing distribution (buster), this problem has been fixed\nin version 1.33-3+deb9u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.35-1.\n\nWe recommend that you upgrade your connman 
packages.\");\n script_tag(name:\"summary\", value:\"Security consultants in NRI Secure Technologies discovered a stack\noverflow vulnerability in ConnMan, a network manager for embedded\ndevices. An attacker with control of the DNS responses to the DNS proxy\nin ConnMan might crash the service and, in same cases, remotely execute\narbitrary commands in the host running the service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"connman\", ver:\"1.33-3+deb9u1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman-dev\", ver:\"1.33-3+deb9u1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman-doc\", ver:\"1.33-3+deb9u1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman-vpn\", ver:\"1.33-3+deb9u1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman\", ver:\"1.33-3+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman-dev\", ver:\"1.33-3+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman-doc\", ver:\"1.33-3+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman-vpn\", ver:\"1.33-3+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman\", ver:\"1.21-1.2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman-dev\", ver:\"1.21-1.2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman-doc\", ver:\"1.21-1.2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"connman-vpn\", ver:\"1.21-1.2+deb8u1\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n 
security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:35", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12865"], "description": "Package : connman\nVersion : 1.0-1.1+wheezy2\nCVE ID : CVE-2017-12865\nDebian Bug : 872844\n\nIn connman, stack-based buffer overflow in "dnsproxy.c" allows remote attackers\nto cause a denial of service (crash) or execute arbitrary code via a crafted\nresponse query string passed to the "name" variable. \n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1.0-1.1+wheezy2.\n\nWe recommend that you upgrade your connman packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2017-08-30T18:37:36", "published": "2017-08-30T18:37:36", "id": "DEBIAN:DLA-1078-1:97896", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201708/msg00028.html", "title": "[SECURITY] [DLA 1078-1] connman security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-12T01:03:59", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12865"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3956-1 security@debian.org\nhttps://www.debian.org/security/ Luciano Bello\nAugust 27, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : connman\nCVE ID : CVE-2017-12865\nDebian Bug : 872844\n\nSecurity consultants in NRI Secure Technologies discovered a stack\noverflow vulnerability in ConnMan, a network manager for embedded\ndevices. 
An attacker with control of the DNS responses to the DNS proxy\nin ConnMan might crash the service and, in same cases, remotely execute\narbitrary commands in the host running the service.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.21-1.2+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.33-3+deb9u1.\n\nFor the testing distribution (buster), this problem has been fixed\nin version 1.33-3+deb9u1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.35-1.\n\nWe recommend that you upgrade your connman packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 12, "modified": "2017-08-27T22:25:19", "published": "2017-08-27T22:25:19", "id": "DEBIAN:DSA-3956-1:4A8A4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00218.html", "title": "[SECURITY] [DSA 3956-1] connman security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:50:39", "description": "Security consultants in NRI Secure Technologies discovered a stack\noverflow vulnerability in ConnMan, a network manager for embedded\ndevices. 
An attacker with control of the DNS responses to the DNS\nproxy in ConnMan might crash the service and, in same cases, remotely\nexecute arbitrary commands in the host running the service.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-28T00:00:00", "title": "Debian DSA-3956-1 : connman - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12865"], "modified": "2017-08-28T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:connman", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3956.NASL", "href": "https://www.tenable.com/plugins/nessus/102792", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3956. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102792);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-12865\");\n script_xref(name:\"DSA\", value:\"3956\");\n\n script_name(english:\"Debian DSA-3956-1 : connman - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security consultants in NRI Secure Technologies discovered a stack\noverflow vulnerability in ConnMan, a network manager for embedded\ndevices. 
An attacker with control of the DNS responses to the DNS\nproxy in ConnMan might crash the service and, in same cases, remotely\nexecute arbitrary commands in the host running the service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/connman\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/connman\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3956\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the connman packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.21-1.2+deb8u1.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.33-3+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:connman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"connman\", reference:\"1.21-1.2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"connman-dev\", reference:\"1.21-1.2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"connman-doc\", reference:\"1.21-1.2+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"connman-vpn\", reference:\"1.21-1.2+deb8u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"connman\", reference:\"1.33-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"connman-dev\", reference:\"1.33-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"connman-doc\", reference:\"1.33-3+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"connman-vpn\", reference:\"1.33-3+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-19T10:22:20", "description": "The remote host is affected by the vulnerability described in GLSA-201812-02\n(ConnMan: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ConnMan. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, via a crafted DNS packet, could remotely execute code\n or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 13, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-03T00:00:00", "title": "GLSA-201812-02 : ConnMan: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-5716", "CVE-2017-12865"], "modified": "2018-12-03T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:connman", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201812-02.NASL", "href": "https://www.tenable.com/plugins/nessus/119321", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201812-02.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119321);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/18\");\n\n script_cve_id(\"CVE-2017-12865\", \"CVE-2017-5716\");\n script_xref(name:\"GLSA\", value:\"201812-02\");\n\n script_name(english:\"GLSA-201812-02 : ConnMan: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201812-02\n(ConnMan: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ConnMan. 
Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, via a crafted DNS packet, could remotely execute code\n or cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201812-02\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All ConnMan users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/connman-1.35-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:connman\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/connman\", unaffected:make_list(\"ge 1.35-r1\"), vulnerable:make_list(\"lt 1.35-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ConnMan\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2018-12-02T20:50:10", "bulletinFamily": "unix", "cvelist": ["CVE-2017-5716", "CVE-2017-12865"], "description": "### Background\n\nConnMan provides a daemon for managing Internet connections.\n\n### Description\n\nMultiple vulnerabilities have been discovered in ConnMan. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, via a crafted DNS packet, could remotely execute code or cause a Denial of Service condition. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ConnMan users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/connman-1.35-r1\"", "edition": 1, "modified": "2018-12-02T00:00:00", "published": "2018-12-02T00:00:00", "id": "GLSA-201812-02", "href": "https://security.gentoo.org/glsa/201812-02", "title": "ConnMan: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}