ID DEBIAN_DLA-1192.NASL Type nessus Reporter Tenable Modified 2018-07-09T00:00:00
Description
CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.
CVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file
For Debian 7 'Wheezy', these problems have been fixed in version 1:0.9.4-2.1+deb7u1.
We recommend that you upgrade your libofx packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1192-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include("compat.inc");
if (description)
{
script_id(104751);
script_version("3.4");
script_cvs_date("Date: 2018/07/09 12:26:58");
script_cve_id("CVE-2017-14731", "CVE-2017-2816");
script_name(english:"Debian DLA-1192-1 : libofx security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"CVE-2017-2816 An exploitable buffer overflow vulnerability exists in
the tag parsing functionality of LibOFX 0.9.11. A specially crafted
OFX file can cause a write out of bounds resulting in a buffer
overflow on the stack. An attacker can construct a malicious OFX file
to trigger this vulnerability.
CVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote
attackers to cause a denial of service (heap-based buffer over-read
and application crash) via a crafted file
For Debian 7 'Wheezy', these problems have been fixed in version
1:0.9.4-2.1+deb7u1.
We recommend that you upgrade your libofx packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/libofx"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libofx-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libofx-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libofx4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libofx4-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ofx");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2017/11/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"libofx-dev", reference:"1:0.9.4-2.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libofx-doc", reference:"1:0.9.4-2.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libofx4", reference:"1:0.9.4-2.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libofx4-dbg", reference:"1:0.9.4-2.1+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"ofx", reference:"1:0.9.4-2.1+deb7u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DLA-1192.NASL", "bulletinFamily": "scanner", "title": "Debian DLA-1192-1 : libofx security update", "description": "CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-11-27T00:00:00", "modified": "2018-07-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=104751", "reporter": "Tenable", "references": ["https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html", "https://packages.debian.org/source/wheezy/libofx"], "cvelist": ["CVE-2017-14731", "CVE-2017-2816"], "type": "nessus", "lastseen": "2019-02-21T01:34:03", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:libofx-dev", "p-cpe:/a:debian:debian_linux:libofx4", "p-cpe:/a:debian:debian_linux:libofx-doc", "p-cpe:/a:debian:debian_linux:ofx", "p-cpe:/a:debian:debian_linux:libofx4-dbg", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2017-14731", "CVE-2017-2816"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "7924e12d4636f8155814b2cc3eb1d3f9344a347ea120c1543e362b7c4d7ebf51", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "ded5bc9ee3719604c631873133d4a8c5", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55b2174fe05627edd048be9dc59996fb", "key": "cvelist"}, {"hash": "ed01799d800c27d843fb47bd07850076", "key": "published"}, {"hash": "59ec71c4b305cafcf52bc5b2c09e6e80", "key": "pluginID"}, {"hash": "2bd62f5f216a2322e3364b2c6610cc5f", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bc45505afd2828e5ebc5a61082bd7c5e", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "6ce14d88b78ed4f57457b5809d42bd3c", "key": "references"}, {"hash": "50ca21f2a7074843ab107054e3eb7ae2", "key": "title"}, {"hash": "047cccca7492fcea0a7257dde5448ab9", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104751", "id": "DEBIAN_DLA-1192.NASL", "lastseen": "2018-08-30T19:44:53", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "104751", "published": "2017-11-27T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html", "https://packages.debian.org/source/wheezy/libofx"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104751);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\");\n\n script_name(english:\"Debian DLA-1192-1 : libofx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-2816 An exploitable buffer overflow vulnerability exists in\nthe tag parsing functionality of LibOFX 0.9.11. A specially crafted\nOFX file can cause a write out of bounds resulting in a buffer\noverflow on the stack. An attacker can construct a malicious OFX file\nto trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libofx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libofx-dev\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx-doc\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4-dbg\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ofx\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1192-1 : libofx security update", "type": "nessus", "viewCount": 15}, "differentElements": ["cvss"], "edition": 5, "lastseen": "2018-08-30T19:44:53"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:libofx-dev", "p-cpe:/a:debian:debian_linux:libofx4", "p-cpe:/a:debian:debian_linux:libofx-doc", "p-cpe:/a:debian:debian_linux:ofx", "p-cpe:/a:debian:debian_linux:libofx4-dbg", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2017-14731", "CVE-2017-2816"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "f3ec9c782eb9b3a4ecf4111312a68cda22e3b6392f89bf9e323ce1de853f29b4", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "ded5bc9ee3719604c631873133d4a8c5", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55b2174fe05627edd048be9dc59996fb", "key": "cvelist"}, {"hash": "ed01799d800c27d843fb47bd07850076", "key": "published"}, {"hash": "59ec71c4b305cafcf52bc5b2c09e6e80", "key": "pluginID"}, {"hash": "2bd62f5f216a2322e3364b2c6610cc5f", "key": "sourceData"}, {"hash": "bc45505afd2828e5ebc5a61082bd7c5e", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "6ce14d88b78ed4f57457b5809d42bd3c", "key": "references"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "50ca21f2a7074843ab107054e3eb7ae2", "key": "title"}, {"hash": "047cccca7492fcea0a7257dde5448ab9", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104751", "id": "DEBIAN_DLA-1192.NASL", "lastseen": "2018-09-01T23:50:59", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "104751", "published": "2017-11-27T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html", "https://packages.debian.org/source/wheezy/libofx"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104751);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\");\n\n script_name(english:\"Debian DLA-1192-1 : libofx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-2816 An exploitable buffer overflow vulnerability exists in\nthe tag parsing functionality of LibOFX 0.9.11. A specially crafted\nOFX file can cause a write out of bounds resulting in a buffer\noverflow on the stack. An attacker can construct a malicious OFX file\nto trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libofx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libofx-dev\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx-doc\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4-dbg\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ofx\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1192-1 : libofx security update", "type": "nessus", "viewCount": 15}, "differentElements": ["description"], "edition": 6, "lastseen": "2018-09-01T23:50:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:libofx-dev", "p-cpe:/a:debian:debian_linux:libofx4", "p-cpe:/a:debian:debian_linux:libofx-doc", "p-cpe:/a:debian:debian_linux:ofx", "p-cpe:/a:debian:debian_linux:libofx4-dbg", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2017-14731", "CVE-2017-2816"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "f3ec9c782eb9b3a4ecf4111312a68cda22e3b6392f89bf9e323ce1de853f29b4", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "ded5bc9ee3719604c631873133d4a8c5", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55b2174fe05627edd048be9dc59996fb", "key": "cvelist"}, {"hash": "ed01799d800c27d843fb47bd07850076", "key": "published"}, {"hash": "59ec71c4b305cafcf52bc5b2c09e6e80", "key": "pluginID"}, {"hash": "2bd62f5f216a2322e3364b2c6610cc5f", "key": "sourceData"}, {"hash": "bc45505afd2828e5ebc5a61082bd7c5e", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "6ce14d88b78ed4f57457b5809d42bd3c", "key": "references"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "50ca21f2a7074843ab107054e3eb7ae2", "key": "title"}, {"hash": "047cccca7492fcea0a7257dde5448ab9", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104751", "id": "DEBIAN_DLA-1192.NASL", "lastseen": "2018-07-10T05:54:42", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "104751", "published": "2017-11-27T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html", "https://packages.debian.org/source/wheezy/libofx"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104751);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\");\n\n script_name(english:\"Debian DLA-1192-1 : libofx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-2816 An exploitable buffer overflow vulnerability exists in\nthe tag parsing functionality of LibOFX 0.9.11. A specially crafted\nOFX file can cause a write out of bounds resulting in a buffer\noverflow on the stack. An attacker can construct a malicious OFX file\nto trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libofx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libofx-dev\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx-doc\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4-dbg\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ofx\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1192-1 : libofx security update", "type": "nessus", "viewCount": 15}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-07-10T05:54:42"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:libofx-dev", "p-cpe:/a:debian:debian_linux:libofx4", "p-cpe:/a:debian:debian_linux:libofx-doc", "p-cpe:/a:debian:debian_linux:ofx", "p-cpe:/a:debian:debian_linux:libofx4-dbg", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2017-14731", "CVE-2017-2816"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {"score": {"modified": "2017-11-27T23:19:48", "value": 6.8}}, "hash": "26177cd225b763487c9035f811129e67a2a3ff5cb506e566c51d84241bcd37c5", "hashmap": [{"hash": "0c355493ad0e0579b8b386df1d20390b", "key": "sourceData"}, {"hash": "ded5bc9ee3719604c631873133d4a8c5", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ed01799d800c27d843fb47bd07850076", "key": "modified"}, {"hash": "55b2174fe05627edd048be9dc59996fb", "key": "cvelist"}, {"hash": "ed01799d800c27d843fb47bd07850076", "key": "published"}, {"hash": "59ec71c4b305cafcf52bc5b2c09e6e80", "key": "pluginID"}, {"hash": "bc45505afd2828e5ebc5a61082bd7c5e", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "6ce14d88b78ed4f57457b5809d42bd3c", "key": "references"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "50ca21f2a7074843ab107054e3eb7ae2", "key": "title"}, {"hash": "047cccca7492fcea0a7257dde5448ab9", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104751", "id": "DEBIAN_DLA-1192.NASL", "lastseen": "2017-11-27T23:19:48", "modified": "2017-11-27T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "104751", "published": "2017-11-27T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html", "https://packages.debian.org/source/wheezy/libofx"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104751);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/11/27 14:56:50 $\");\n\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\");\n script_osvdb_id(165374, 166103);\n\n script_name(english:\"Debian DLA-1192-1 : libofx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-2816 An exploitable buffer overflow vulnerability exists in\nthe tag parsing functionality of LibOFX 0.9.11. A specially crafted\nOFX file can cause a write out of bounds resulting in a buffer\noverflow on the stack. An attacker can construct a malicious OFX file\nto trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libofx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libofx-dev\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx-doc\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4-dbg\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ofx\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1192-1 : libofx security update", "type": "nessus", "viewCount": 11}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2017-11-27T23:19:48"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:libofx-dev", "p-cpe:/a:debian:debian_linux:libofx4", "p-cpe:/a:debian:debian_linux:libofx-doc", "p-cpe:/a:debian:debian_linux:ofx", "p-cpe:/a:debian:debian_linux:libofx4-dbg", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2017-14731", "CVE-2017-2816"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "CVE-2017-2816 An exploitable buffer overflow vulnerability exists in\nthe tag parsing functionality of LibOFX 0.9.11. A specially crafted\nOFX file can cause a write out of bounds resulting in a buffer\noverflow on the stack. An attacker can construct a malicious OFX file\nto trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-01-16T20:29:59", "references": [{"idList": ["CVE-2017-14731", "CVE-2017-2816"], "type": "cve"}, {"idList": ["DEBIAN:DLA-1192-1:20719"], "type": "debian"}, {"idList": ["TALOSBLOG:638D29801BF3853AAAD825812DC463E4"], "type": "talosblog"}, {"idList": ["OPENVAS:1361412562310851842", "OPENVAS:1361412562310874360", "OPENVAS:1361412562310874359"], "type": "openvas"}, {"idList": ["TALOS-2017-0317"], "type": "talos"}, {"idList": ["OPENSUSE-SU-2018:2229-1"], "type": "suse"}, {"idList": ["FREEBSD_PKG_58FAFEADCD13472FA9BDD0173BA1B04C.NASL", "FEDORA_2018-1B3A73B45F.NASL", "FEDORA_2018-8A208FBA70.NASL", "OPENSUSE-2018-820.NASL", "SUSE_SU-2018-2064-1.NASL", "FEDORA_2018-4A2B875D6B.NASL"], "type": "nessus"}, {"idList": ["58FAFEAD-CD13-472F-A9BD-D0173BA1B04C"], "type": "freebsd"}]}, "score": {"value": 6.8, "vector": "NONE"}}, "hash": "09b5e1c26cacc01c6c381d89b13d35d8173013026de38187f0cde4ab4be39eb2", "hashmap": [{"hash": "48d60a46ed3f845ea90484e4bf421124", "key": "modified"}, {"hash": "b6fdde9a74007d5edd88a097113b3fb7", "key": "description"}, {"hash": "ded5bc9ee3719604c631873133d4a8c5", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55b2174fe05627edd048be9dc59996fb", "key": "cvelist"}, {"hash": "ed01799d800c27d843fb47bd07850076", "key": "published"}, {"hash": "59ec71c4b305cafcf52bc5b2c09e6e80", "key": "pluginID"}, {"hash": "2bd62f5f216a2322e3364b2c6610cc5f", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "6ce14d88b78ed4f57457b5809d42bd3c", "key": "references"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "50ca21f2a7074843ab107054e3eb7ae2", "key": "title"}, {"hash": "047cccca7492fcea0a7257dde5448ab9", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104751", "id": "DEBIAN_DLA-1192.NASL", "lastseen": "2019-01-16T20:29:59", "modified": "2018-07-09T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "104751", "published": "2017-11-27T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html", "https://packages.debian.org/source/wheezy/libofx"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104751);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\");\n\n script_name(english:\"Debian DLA-1192-1 : libofx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-2816 An exploitable buffer overflow vulnerability exists in\nthe tag parsing functionality of LibOFX 0.9.11. A specially crafted\nOFX file can cause a write out of bounds resulting in a buffer\noverflow on the stack. An attacker can construct a malicious OFX file\nto trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libofx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libofx-dev\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx-doc\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4-dbg\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ofx\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1192-1 : libofx security update", "type": "nessus", "viewCount": 15}, "differentElements": ["description"], "edition": 7, "lastseen": "2019-01-16T20:29:59"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:libofx-dev", "p-cpe:/a:debian:debian_linux:libofx4", "p-cpe:/a:debian:debian_linux:libofx-doc", "p-cpe:/a:debian:debian_linux:ofx", "p-cpe:/a:debian:debian_linux:libofx4-dbg", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2017-14731", "CVE-2017-2816"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "7fc2ac0aaefb35e01771a006f05eb02140dc33daea9cbecb1b6edb0ac5487b7d", "hashmap": [{"hash": "ded5bc9ee3719604c631873133d4a8c5", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "9d4ec3bc274414c5dfdd7488d4d95f7b", "key": "modified"}, {"hash": "55b2174fe05627edd048be9dc59996fb", "key": "cvelist"}, {"hash": "ed01799d800c27d843fb47bd07850076", "key": "published"}, {"hash": "59ec71c4b305cafcf52bc5b2c09e6e80", "key": "pluginID"}, {"hash": "bc45505afd2828e5ebc5a61082bd7c5e", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "6ce14d88b78ed4f57457b5809d42bd3c", "key": "references"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "50ca21f2a7074843ab107054e3eb7ae2", "key": "title"}, {"hash": "047cccca7492fcea0a7257dde5448ab9", "key": "href"}, {"hash": "c4b2c3886b854967d3fafcd01e21d565", "key": "sourceData"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104751", "id": "DEBIAN_DLA-1192.NASL", "lastseen": "2018-07-07T01:56:24", "modified": "2018-07-06T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "104751", "published": "2017-11-27T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html", "https://packages.debian.org/source/wheezy/libofx"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104751);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/07/06 11:26:07\");\n\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\");\n\n script_name(english:\"Debian DLA-1192-1 : libofx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-2816 An exploitable buffer overflow vulnerability exists in\nthe tag parsing functionality of LibOFX 0.9.11. A specially crafted\nOFX file can cause a write out of bounds resulting in a buffer\noverflow on the stack. An attacker can construct a malicious OFX file\nto trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libofx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libofx-dev\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx-doc\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4-dbg\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ofx\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1192-1 : libofx security update", "type": "nessus", "viewCount": 12}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-07-07T01:56:24"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:libofx-dev", "p-cpe:/a:debian:debian_linux:libofx4", "p-cpe:/a:debian:debian_linux:libofx-doc", "p-cpe:/a:debian:debian_linux:ofx", "p-cpe:/a:debian:debian_linux:libofx4-dbg", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2017-14731", "CVE-2017-2816"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "CVE-2017-2816 An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "bad930171be7b6426a14bb39ea4a13179dd2d7bca3596ca218ff7dd357ec2604", "hashmap": [{"hash": "ded5bc9ee3719604c631873133d4a8c5", "key": "cpe"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "a0550d8929a8d2440a7ab66382b13e88", "key": "modified"}, {"hash": "55b2174fe05627edd048be9dc59996fb", "key": "cvelist"}, {"hash": "ed01799d800c27d843fb47bd07850076", "key": "published"}, {"hash": "59ec71c4b305cafcf52bc5b2c09e6e80", "key": "pluginID"}, {"hash": "bc45505afd2828e5ebc5a61082bd7c5e", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "019ce98961f1e4975abeccc08849e487", "key": "sourceData"}, {"hash": "6ce14d88b78ed4f57457b5809d42bd3c", "key": "references"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "50ca21f2a7074843ab107054e3eb7ae2", "key": "title"}, {"hash": "047cccca7492fcea0a7257dde5448ab9", "key": "href"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104751", "id": "DEBIAN_DLA-1192.NASL", "lastseen": "2018-01-30T01:04:34", "modified": "2018-01-29T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "104751", "published": "2017-11-27T00:00:00", "references": ["https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html", "https://packages.debian.org/source/wheezy/libofx"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104751);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/01/29 14:23:40 $\");\n\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\");\n script_osvdb_id(165374, 166103);\n\n script_name(english:\"Debian DLA-1192-1 : libofx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-2816 An exploitable buffer overflow vulnerability exists in\nthe tag parsing functionality of LibOFX 0.9.11. A specially crafted\nOFX file can cause a write out of bounds resulting in a buffer\noverflow on the stack. An attacker can construct a malicious OFX file\nto trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libofx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libofx-dev\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx-doc\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4-dbg\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ofx\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DLA-1192-1 : libofx security update", "type": "nessus", "viewCount": 11}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2018-01-30T01:04:34"}], "edition": 8, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "ded5bc9ee3719604c631873133d4a8c5"}, {"key": "cvelist", "hash": "55b2174fe05627edd048be9dc59996fb"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "bc45505afd2828e5ebc5a61082bd7c5e"}, {"key": "href", "hash": "047cccca7492fcea0a7257dde5448ab9"}, {"key": "modified", "hash": "48d60a46ed3f845ea90484e4bf421124"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "59ec71c4b305cafcf52bc5b2c09e6e80"}, {"key": "published", "hash": "ed01799d800c27d843fb47bd07850076"}, {"key": "references", "hash": "6ce14d88b78ed4f57457b5809d42bd3c"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "2bd62f5f216a2322e3364b2c6610cc5f"}, {"key": "title", "hash": "50ca21f2a7074843ab107054e3eb7ae2"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "f3ec9c782eb9b3a4ecf4111312a68cda22e3b6392f89bf9e323ce1de853f29b4", "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-14731", "CVE-2017-2816"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1192-1:20719"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874360", "OPENVAS:1361412562310874359", "OPENVAS:1361412562310851842"]}, {"type": "nessus", "idList": ["SUSE_SU-2018-2064-1.NASL", "FEDORA_2018-4A2B875D6B.NASL", "FEDORA_2018-1B3A73B45F.NASL", "FEDORA_2018-8A208FBA70.NASL", "FREEBSD_PKG_58FAFEADCD13472FA9BDD0173BA1B04C.NASL", "OPENSUSE-2018-820.NASL"]}, {"type": "talos", "idList": ["TALOS-2017-0317"]}, {"type": "talosblog", "idList": ["TALOSBLOG:638D29801BF3853AAAD825812DC463E4"]}, {"type": "freebsd", "idList": ["58FAFEAD-CD13-472F-A9BD-D0173BA1B04C"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2229-1"]}], "modified": "2019-02-21T01:34:03"}, "score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104751);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/07/09 12:26:58\");\n\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\");\n\n script_name(english:\"Debian DLA-1192-1 : libofx security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2017-2816 An exploitable buffer overflow vulnerability exists in\nthe tag parsing functionality of LibOFX 0.9.11. A specially crafted\nOFX file can cause a write out of bounds resulting in a buffer\noverflow on the stack. An attacker can construct a malicious OFX file\nto trigger this vulnerability.\n\nCVE-2017-14731 ofx_proc_file in ofx_preproc.cpp allows remote\nattackers to cause a denial of service (heap-based buffer over-read\nand application crash) via a crafted file\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libofx\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libofx4-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libofx-dev\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx-doc\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libofx4-dbg\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ofx\", reference:\"1:0.9.4-2.1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "104751", "cpe": ["p-cpe:/a:debian:debian_linux:libofx-dev", "p-cpe:/a:debian:debian_linux:libofx4", "p-cpe:/a:debian:debian_linux:libofx-doc", "p-cpe:/a:debian:debian_linux:ofx", "p-cpe:/a:debian:debian_linux:libofx4-dbg", "cpe:/o:debian:debian_linux:7.0"], "scheme": null}
{"cve": [{"lastseen": "2018-02-05T15:16:19", "bulletinFamily": "NVD", "description": "ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call.", "modified": "2018-02-03T21:29:10", "published": "2017-09-25T17:29:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-14731", "id": "CVE-2017-14731", "title": "CVE-2017-14731", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-02-05T15:16:32", "bulletinFamily": "NVD", "description": "An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.", "modified": "2018-02-03T21:29:21", "published": "2017-09-13T14:29:00", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2816", "id": "CVE-2017-2816", "title": "CVE-2017-2816", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-18T13:49:53", "bulletinFamily": "unix", "description": "Package : libofx\nVersion : 1:0.9.4-2.1+deb7u1\nCVE ID : CVE-2017-2816 CVE-2017-14731\n\n\nCVE-2017-2816\n An exploitable buffer overflow vulnerability exists in the tag\n parsing functionality of LibOFX 0.9.11. A specially crafted OFX\n file can cause a write out of bounds resulting in a buffer\n overflow on the stack. An attacker can construct a malicious\n OFX file to trigger this vulnerability.\n\nCVE-2017-14731\n ofx_proc_file in ofx_preproc.cpp allows remote attackers to cause\n a denial of service (heap-based buffer over-read and application\n crash) via a crafted file\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:0.9.4-2.1+deb7u1.\n\nWe recommend that you upgrade your libofx packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2017-11-26T16:00:29", "published": "2017-11-26T16:00:29", "id": "DEBIAN:DLA-1192-1:20719", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201711/msg00038.html", "title": "[SECURITY] [DLA 1192-1] libofx security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:41:22", "bulletinFamily": "scanner", "description": "This update for libofx fixes the following issues: Security issues fixed :\n\n - CVE-2017-2816: Fix an exploitable buffer overflow vulnerability in the tag parsing functionality (bsc#1058673).\n\n - CVE-2017-2920: Fix a buffer overflow vulnerability in sanitize_proprietary_tags in lib/ofx_preproc.cpp (bsc#1061964).\n\n - CVE-2017-14731: Fix remote denial of service via a crafted file in ofx_proc_file in ofx_preproc.cpp (bsc#1060437).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "SUSE_SU-2018-2064-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111368", "published": "2018-07-27T00:00:00", "title": "SUSE SLED12 Security Update : libofx (SUSE-SU-2018:2064-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2064-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111368);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/01 13:19:05\");\n\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\", \"CVE-2017-2920\");\n\n script_name(english:\"SUSE SLED12 Security Update : libofx (SUSE-SU-2018:2064-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libofx fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-2816: Fix an exploitable buffer overflow\n vulnerability in the tag parsing functionality\n (bsc#1058673).\n\n - CVE-2017-2920: Fix a buffer overflow vulnerability in\n sanitize_proprietary_tags in lib/ofx_preproc.cpp\n (bsc#1061964).\n\n - CVE-2017-14731: Fix remote denial of service via a\n crafted file in ofx_proc_file in ofx_preproc.cpp\n (bsc#1060437).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061964\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2920/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182064-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?302a626d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-1408=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-1408=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1408=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:U/RC:X\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libofx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libofx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libofx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libofx6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libofx6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libofx-0.9.9-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libofx-debuginfo-0.9.9-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libofx-debugsource-0.9.9-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libofx6-0.9.9-3.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libofx6-debuginfo-0.9.9-3.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libofx\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:45:12", "bulletinFamily": "scanner", "description": "This update fixes assorted CVEs in LibOFX.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2019-01-03T00:00:00", "id": "FEDORA_2018-8A208FBA70.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=120591", "published": "2019-01-03T00:00:00", "title": "Fedora 28 : libofx (2018-8a208fba70)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-8a208fba70.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120591);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/01/03 10:25:36\");\n\n script_cve_id(\"CVE-2017-14731\");\n script_xref(name:\"FEDORA\", value:\"2018-8a208fba70\");\n\n script_name(english:\"Fedora 28 : libofx (2018-8a208fba70)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes assorted CVEs in LibOFX.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-8a208fba70\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libofx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"libofx-0.9.10-6.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libofx\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:38:17", "bulletinFamily": "scanner", "description": "This updates LibOFX to fix assorted CVEs.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-04-12T00:00:00", "id": "FEDORA_2018-1B3A73B45F.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=109004", "published": "2018-04-12T00:00:00", "title": "Fedora 27 : libofx (2018-1b3a73b45f)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-1b3a73b45f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109004);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/12 14:47:30\");\n\n script_cve_id(\"CVE-2017-14731\");\n script_xref(name:\"FEDORA\", value:\"2018-1b3a73b45f\");\n\n script_name(english:\"Fedora 27 : libofx (2018-1b3a73b45f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates LibOFX to fix assorted CVEs.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-1b3a73b45f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libofx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"libofx-0.9.10-5.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libofx\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:38:17", "bulletinFamily": "scanner", "description": "This updates LibOFX to fix assorted CVEs.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-04-12T00:00:00", "id": "FEDORA_2018-4A2B875D6B.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=109005", "published": "2018-04-12T00:00:00", "title": "Fedora 26 : libofx (2018-4a2b875d6b)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-4a2b875d6b.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109005);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/12 14:47:30\");\n\n script_cve_id(\"CVE-2017-14731\");\n script_xref(name:\"FEDORA\", value:\"2018-4a2b875d6b\");\n\n script_name(english:\"Fedora 26 : libofx (2018-4a2b875d6b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This updates LibOFX to fix assorted CVEs.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a2b875d6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libofx package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"libofx-0.9.10-5.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libofx\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:33:09", "bulletinFamily": "scanner", "description": "Talos developers report :\n\nAn exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.", "modified": "2018-11-21T00:00:00", "id": "FREEBSD_PKG_58FAFEADCD13472FA9BDD0173BA1B04C.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=103524", "published": "2017-09-28T00:00:00", "title": "FreeBSD : libofx -- exploitable buffer overflow (58fafead-cd13-472f-a9bd-d0173ba1b04c)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103524);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/11/21 10:46:31\");\n\n script_cve_id(\"CVE-2017-2816\");\n\n script_name(english:\"FreeBSD : libofx -- exploitable buffer overflow (58fafead-cd13-472f-a9bd-d0173ba1b04c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Talos developers report :\n\nAn exploitable buffer overflow vulnerability exists in the tag parsing\nfunctionality of LibOFX 0.9.11. A specially crafted OFX file can cause\na write out of bounds resulting in a buffer overflow on the stack. An\nattacker can construct a malicious OFX file to trigger this\nvulnerability.\"\n );\n # http://www.securityfocus.com/bid/100828\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.securityfocus.com/bid/100828\"\n );\n # https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47bc4a42\"\n );\n # https://vuxml.freebsd.org/freebsd/58fafead-cd13-472f-a9bd-d0173ba1b04c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be2deadd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:libofx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"libofx<=0.9.11_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:41:31", "bulletinFamily": "scanner", "description": "This update for libofx fixes the following issues :\n\nThe following security vulnerabilities have been addressed :\n\n - CVE-2017-2920: Fixed an exploitable buffer overflow in the tag parsing functionality, which could result in an out of bounds write and could be triggered via a specially crafted OFX file (boo#1061964)\n\n - CVE-2017-2816: Fixed another buffer overflow in the tag parsing functionality, which could result in an stack overflow and could be triggered via a specially crafted OFX file (boo#1058673)", "modified": "2018-08-08T00:00:00", "id": "OPENSUSE-2018-820.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111585", "published": "2018-08-08T00:00:00", "title": "openSUSE Security Update : libofx (openSUSE-2018-820)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-820.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111585);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/08/08 12:52:11\");\n\n script_cve_id(\"CVE-2017-2816\", \"CVE-2017-2920\");\n\n script_name(english:\"openSUSE Security Update : libofx (openSUSE-2018-820)\");\n script_summary(english:\"Check for the openSUSE-2018-820 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for libofx fixes the following issues :\n\nThe following security vulnerabilities have been addressed :\n\n - CVE-2017-2920: Fixed an exploitable buffer overflow in\n the tag parsing functionality, which could result in an\n out of bounds write and could be triggered via a\n specially crafted OFX file (boo#1061964)\n\n - CVE-2017-2816: Fixed another buffer overflow in the tag\n parsing functionality, which could result in an stack\n overflow and could be triggered via a specially crafted\n OFX file (boo#1058673)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1058673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061964\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libofx packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libofx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libofx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libofx-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libofx-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libofx6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libofx6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libofx-0.9.10-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libofx-debuginfo-0.9.10-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libofx-debugsource-0.9.10-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libofx-devel-0.9.10-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libofx6-0.9.10-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libofx6-debuginfo-0.9.10-7.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libofx / libofx-debuginfo / libofx-debugsource / libofx-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2019-03-18T14:23:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-13T00:00:00", "id": "OPENVAS:1361412562310874360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874360", "title": "Fedora Update for libofx FEDORA-2018-1b3a73b45f", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1b3a73b45f_libofx_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libofx FEDORA-2018-1b3a73b45f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874360\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-13 08:06:52 +0200 (Fri, 13 Apr 2018)\");\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\", \"CVE-2017-2920\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libofx FEDORA-2018-1b3a73b45f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libofx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libofx on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1b3a73b45f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFLNASWJ5OH55HY7Q334GN3FP45VNRMW\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libofx\", rpm:\"libofx~0.9.10~5.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-18T14:24:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-04-13T00:00:00", "id": "OPENVAS:1361412562310874359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874359", "title": "Fedora Update for libofx FEDORA-2018-4a2b875d6b", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_4a2b875d6b_libofx_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libofx FEDORA-2018-4a2b875d6b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874359\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-04-13 08:06:40 +0200 (Fri, 13 Apr 2018)\");\n script_cve_id(\"CVE-2017-14731\", \"CVE-2017-2816\", \"CVE-2017-2920\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libofx FEDORA-2018-4a2b875d6b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libofx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libofx on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-4a2b875d6b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBRSRWQZ62J4IZKINLLX2O46JVZOFR7Q\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"libofx\", rpm:\"libofx~0.9.10~5.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-23T15:03:37", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2018-08-08T00:00:00", "id": "OPENVAS:1361412562310851842", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851842", "title": "SuSE Update for libofx openSUSE-SU-2018:2229-1 (libofx)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_2229_1.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# SuSE Update for libofx openSUSE-SU-2018:2229-1 (libofx)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851842\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-08 05:51:25 +0200 (Wed, 08 Aug 2018)\");\n script_cve_id(\"CVE-2017-2816\", \"CVE-2017-2920\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for libofx openSUSE-SU-2018:2229-1 (libofx)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libofx'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for libofx fixes the following issues:\n\n The following security vulnerabilities have been addressed:\n\n - CVE-2017-2920: Fixed an exploitable buffer overflow in the tag parsing\n functionality, which could result in an out of bounds write and could be\n triggered via a specially crafted OFX file (boo#1061964)\n\n - CVE-2017-2816: Fixed another buffer overflow in the tag parsing\n functionality, which could result in an stack overflow and could be\n triggered via a specially crafted OFX file (boo#1058673)\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-820=1\");\n script_tag(name:\"affected\", value:\"libofx on openSUSE Leap 42.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2229_1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00018.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"libofx\", rpm:\"libofx~0.9.10~7.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libofx-debuginfo\", rpm:\"libofx-debuginfo~0.9.10~7.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libofx-debugsource\", rpm:\"libofx-debugsource~0.9.10~7.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libofx-devel\", rpm:\"libofx-devel~0.9.10~7.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libofx6\", rpm:\"libofx6~0.9.10~7.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libofx6-debuginfo\", rpm:\"libofx6-debuginfo~0.9.10~7.3.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "talos": [{"lastseen": "2018-08-31T00:36:39", "bulletinFamily": "info", "description": "# Talos Vulnerability Report\n\n### TALOS-2017-0317\n\n## LibOFX Tag Parsing Code Execution Vulnerability\n\n##### September 13, 2017\n\n##### CVE Number\n\nCVE-2017-2816 \n\n### Summary\n\nAn exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.\n\n### Tested Versions\n\nLibOFX 0.9.11\n\n### Product URLs\n\n<https://github.com/libofx/libofx>\n\n### CVSSv3 Score\n\n8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\n\n### CWE\n\nCWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')\n\n### Details\n\nOFX is the Open Financial Exchange format used by financial institutions to share financial data with clients. GnuCash is an open source financial-accounting software that has the capability to import OFX records using libOFX, an open source implementation of OFX.\n\nWhile parsing the tags of the given OFX record, libOFX attempts to strip any present OFX proprietary tags. After checking that the file begins with the correct OFX tag of `<OFX>`, the remaining tag is sent over to be sanitized by `sanitize_proprietary_tags`. In this function, the tag is copied into a local stack variable called `tagname` as long as the parser is still within the opening tag [0].\n \n \n lib/ofx_preproc.cpp:75\n const unsigned int READ_BUFFER_SIZE = 1024;\n \n lib/ofx_preproc.cpp:417\n string sanitize_proprietary_tags(string input_string)\n {\n unsigned int i;\n size_t input_string_size;\n bool strip = false;\n bool tag_open = false;\n int tag_open_idx = 0; //Are we within < > ?\n bool closing_tag_open = false; //Are we within </ > ?\n int orig_tag_open_idx = 0;\n bool proprietary_tag = false; //Are we within a proprietary element?\n bool proprietary_closing_tag = false;\n int crop_end_idx = 0;\n char buffer[READ_BUFFER_SIZE] = \"\";\n char tagname[READ_BUFFER_SIZE] = \"\";\n int tagname_idx = 0;\n char close_tagname[READ_BUFFER_SIZE] = \"\";\n \n \n for (i = 0; i < input_string_size; i++)\n \n if (input_string.c_str()[i] == '<')\n {\n tag_open = true;\n tag_open_idx = i;\n if (proprietary_tag == true && input_string.c_str()[i+1] == '/')\n {\n ...\n }\n else if (proprietary_tag == true)\n {\n //It is the start of a new tag, following a proprietary tag\n crop_end_idx = i - 1;\n strip = true;\n }\n }\n else if (input_string.c_str()[i] == '>')\n {\n ...\n }\n else if (tag_open == true && closing_tag_open == false)\n {\n if (input_string.c_str()[i] == '.')\n {\n if (proprietary_tag != true)\n {\n orig_tag_open_idx = tag_open_idx;\n proprietary_tag = true;\n }\n }\n tagname[tagname_idx] = input_string.c_str()[i]; [0]\n tagname_idx++;\n \n\nBecause the loop occurs over the size of the `input_string`, if the `input_string` is larger than `READ_BUFFER_SIZE`, then the stack variable is overflown and can potentially lead to code execution.\n\n### Crash Information\n \n \n ==6542==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffffbb4260 at pc 0x7fab9d30ccc1 bp 0x7fffffbb39b0 sp 0x7fffffbb39a8\n WRITE of size 1 at 0x7fffffbb4260 thread T0\n #0 0x7fab9d30ccc0 (/home/vagrant/fuzzing/libofx-asan/libofx-0.9.11/lib/.libs/libofx.so.7+0x30cc0)\n #1 0x7fab9d30aba0 (/home/vagrant/fuzzing/libofx-asan/libofx-0.9.11/lib/.libs/libofx.so.7+0x2eba0)\n #2 0x7fab9d3057cb (/home/vagrant/fuzzing/libofx-asan/libofx-0.9.11/lib/.libs/libofx.so.7+0x297cb)\n #3 0x4f8ba2 (/home/vagrant/fuzzing/libofx-asan/libofx-0.9.11/ofxdump/.libs/lt-ofxdump+0x4f8ba2)\n #4 0x7fab9c06982f (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)\n #5 0x419618 (/home/vagrant/fuzzing/libofx-asan/libofx-0.9.11/ofxdump/.libs/lt-ofxdump+0x419618)\n \n Address 0x7fffffbb4260 is located in stack of thread T0 at offset 2208 in frame\n #0 0x7fab9d30c38f (/home/vagrant/fuzzing/libofx-asan/libofx-0.9.11/lib/.libs/libofx.so.7+0x3038f)\n \n This frame has 9 object(s):\n [32, 1056) 'buffer'\n [1184, 2208) 'tagname' <== Memory access at offset 2208 overflows this variable\n [2336, 3360) 'close_tagname'\n [3488, 3520) ''\n [3552, 3584) ''\n [3616, 3617) ''\n [3632, 3664) ''\n [3696, 3728) ''\n [3760, 3761) ''\n HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext\n (longjmp and C++ exceptions *are* supported)\n SUMMARY: AddressSanitizer: stack-buffer-overflow (/home/vagrant/fuzzing/libofx-asan/libofx-\n 0.9.11/lib/.libs/libofx.so.7+0x30cc0)\n Shadow bytes around the buggy address:\n 0x10007ff6e7f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x10007ff6e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x10007ff6e810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x10007ff6e820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x10007ff6e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n =>0x10007ff6e840: 00 00 00 00 00 00 00 00 00 00 00 00[f2]f2 f2 f2\n 0x10007ff6e850: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 00 00 00 00\n 0x10007ff6e860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x10007ff6e870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x10007ff6e880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n 0x10007ff6e890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n Shadow byte legend (one shadow byte represents 8 application bytes):\n Addressable: 00\n Partially addressable: 01 02 03 04 05 06 07\n Heap left redzone: fa\n Heap right redzone: fb\n Freed heap region: fd\n Stack left redzone: f1\n Stack mid redzone: f2\n Stack right redzone: f3\n Stack partial redzone: f4\n Stack after return: f5\n Stack use after scope: f8\n Global redzone: f9\n Global init order: f6\n Poisoned by user: f7\n Container overflow: fc\n Array cookie: ac\n Intra object redzone: bb\n ASan internal: fe\n Left alloca redzone: ca\n Right alloca redzone: cb\n ==6542==ABORTING\n \n\n### Timeline\n\n2017-04-14 - Vendor Disclosure \n2017-09-13 - Public Release\n\n##### Credit\n\nDiscovered by Cory Duplantis of Cisco Talos.\n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2017-0305\n\nPrevious Report\n\nTALOS-2017-0431\n", "modified": "2017-09-13T00:00:00", "published": "2017-09-13T00:00:00", "id": "TALOS-2017-0317", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317", "title": "LibOFX Tag Parsing Code Execution Vulnerability", "type": "talos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "talosblog": [{"lastseen": "2017-09-29T11:57:16", "bulletinFamily": "blog", "description": "This vulnerability was discovered by Cory Duplantis of Talos<br /><br /><i>Update 9/20/2017: A <a href=\"https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d\">patch</a> is now available to fix this issue.</i><br /><h3>Overview</h3><br />LibOFX is an open source implementation of OFX (Open Financial Exchange) an open format used by financial institutions to share financial data with clients. As an implementation of a complex standard, this library is used by financial software such as GnuCash. Talos has discovered an exploitable buffer overflow in the implementation: a specially crafted OFX file can cause a write out of bounds resulting in code execution. This vulnerability is not currently patched and Talos has not received a response from the developers within the period specified by the <a href=\"https://www.cisco.com/c/en/us/about/security-center/vendor-vulnerability-policy.html\">Vendor Vulnerability Reporting and Disclosure Policy</a>.<br /><br /><a name='more'></a><br /><br /><h3 id=\"h.86b4p9aikust\">TALOS-2017-0317 (CVE-2017-2816) - LibOFX Tag Parsing Code Execution Vulnerability</h3><br />Ironically, the vulnerability is located in the way that tags are parsed by the sanitize function. In the function, the tag's names are stored locally on the stack, a too long tag name results in a stack overflow.<br /><br />More details can be found in the vulnerability reports:<a href=\"http://www.talosintelligence.com/reports/TALOS-2017-0317\">TALOS-2017-0317</a><br /><br />Tested Version: LibOFX 0.9.11<br /><br /><h2 id=\"h.lgggkctha6nd\">Discussion</h2><br />As an open source library, LibOFX may be used in various financial applications. This vulnerability presents many attractive features for attackers. User interaction is not necessarily required to trigger the vulnerability, and any systems presenting with this vulnerability are likely to contain valuable financial information which can be stolen to conduct identity theft, fraud, or easily sold on to other criminals.<br /><br />Organisations may not be aware of the presence of this library being used to parse OFX files in third party software, or in software that has been developed as part of an in-house system. Keeping track of open source libraries used within in-house projects, and quickly applying patches supplied by third party vendors is vital to ensure that vulnerabilities such as these, which are particularly enticing to attackers, are properly managed.<br /><br /><h2 id=\"h.beqozwifr92z\">Coverage</h2><div><br /></div>The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.<br /><br />Snort Rules: 42277-42278<br /><br /><div class=\"feedflare\">\n<a href=\"http://feeds.feedburner.com/~ff/feedburner/Talos?a=vlOSJxYrSZw:Dq1uEVfSRtU:yIl2AUoC8zA\"><img src=\"http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA\" border=\"0\"></img></a>\n</div><img src=\"http://feeds.feedburner.com/~r/feedburner/Talos/~4/vlOSJxYrSZw\" height=\"1\" width=\"1\" alt=\"\"/>", "modified": "2017-09-22T05:33:34", "published": "2017-09-13T07:24:00", "id": "TALOSBLOG:638D29801BF3853AAAD825812DC463E4", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/vlOSJxYrSZw/vulnerability-spotlight-libofx-tag.html", "title": "Vulnerability Spotlight: LibOFX Tag Parsing Code Execution Vulnerability", "type": "talosblog", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:13:52", "bulletinFamily": "unix", "description": "\nTalos developers report:\n\nAn exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability.\n\n", "modified": "2017-09-13T00:00:00", "published": "2017-09-13T00:00:00", "id": "58FAFEAD-CD13-472F-A9BD-D0173BA1B04C", "href": "https://vuxml.freebsd.org/freebsd/58fafead-cd13-472f-a9bd-d0173ba1b04c.html", "title": "libofx -- exploitable buffer overflow", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2018-08-07T16:43:57", "bulletinFamily": "unix", "description": "This update for libofx fixes the following issues:\n\n The following security vulnerabilities have been addressed:\n\n - CVE-2017-2920: Fixed an exploitable buffer overflow in the tag parsing\n functionality, which could result in an out of bounds write and could be\n triggered via a specially crafted OFX file (boo#1061964)\n\n - CVE-2017-2816: Fixed another buffer overflow in the tag parsing\n functionality, which could result in an stack overflow and could be\n triggered via a specially crafted OFX file (boo#1058673)\n\n", "modified": "2018-08-07T15:07:58", "published": "2018-08-07T15:07:58", "id": "OPENSUSE-SU-2018:2229-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00018.html", "title": "Security update for libofx (important)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
