Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.DEBIAN_DLA-126.NASL
HistoryMar 26, 2015 - 12:00 a.m.

Debian DLA-126-1 : ettercap security update

2015-03-2600:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.9%

JSON

Patches a bunch of security vulnerabilities :

  • CVE-2014-9380 (Buffer over-read)

  • CVE-2014-9381 (Signedness error) See:
    https://www.obrela.com/home/security-labs/advisories/osi
    -advisory-osi-1402/ Patches taken from upstream

  • 6b196e011fa456499ed4650a360961a2f1323818 pull/608

  • 31b937298c8067e6b0c3217c95edceb983dfc4a2 pull/609 Thanks to Nick Sampanis <[email protected]> who is responsible for both finding and repairing these issues.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-126-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82109);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-9380", "CVE-2014-9381");
  script_bugtraq_id(71691, 71693);

  script_name(english:"Debian DLA-126-1 : ettercap security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Patches a bunch of security vulnerabilities :

  - CVE-2014-9380 (Buffer over-read)

  - CVE-2014-9381 (Signedness error) See:
    https://www.obrela.com/home/security-labs/advisories/osi
    -advisory-osi-1402/ Patches taken from upstream

  - 6b196e011fa456499ed4650a360961a2f1323818 pull/608

  - 31b937298c8067e6b0c3217c95edceb983dfc4a2 pull/609 Thanks
    to Nick Sampanis <[email protected]> who is
    responsible for both finding and repairing these issues.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2014/12/msg00028.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/ettercap"
  );
  # https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?55000fec"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ettercap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ettercap-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ettercap-gtk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"ettercap", reference:"1:0.7.3-2.1+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"ettercap-common", reference:"1:0.7.3-2.1+squeeze2")) flag++;
if (deb_check(release:"6.0", prefix:"ettercap-gtk", reference:"1:0.7.3-2.1+squeeze2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxettercap-gtkp-cpe:/a:debian:debian_linux:ettercap-gtk
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0
debiandebian_linuxettercapp-cpe:/a:debian:debian_linux:ettercap
debiandebian_linuxettercap-commonp-cpe:/a:debian:debian_linux:ettercap-common

Related

debian 1
openvas 9
osv 1
cve 2
debiancve 2
cvelist 2
nvd 2
prion 2
ubuntucve 2
fedora 6
nessus 7
securityvulns 2
mageia 1
gentoo 1
archlinux 2
debian
debian
[SECURITY] [DLA 126-1] ettercap security update
2014-12-29 21:26:51
openvas
openvas
Debian: Security Advisory (DLA-126-1)
2023-03-08 00:00:00
Fedora Update for ettercap FEDORA-2015-3984
2015-03-27 00:00:00
Fedora Update for ettercap FEDORA-2014-17090
2015-01-05 00:00:00
osv
osv
ettercap - security update
2014-12-29 00:00:00
cve
cve
CVE-2014-9380
2014-12-19 15:59:30
CVE-2014-9381
2014-12-19 15:59:31
debiancve
debiancve
CVE-2014-9380
2014-12-19 15:59:30
CVE-2014-9381
2014-12-19 15:59:31
cvelist
cvelist
CVE-2014-9380
2014-12-19 15:00:00
CVE-2014-9381
2014-12-19 15:00:00
nvd
nvd
CVE-2014-9380
2014-12-19 15:59:30
CVE-2014-9381
2014-12-19 15:59:31
prion
prion
Out-of-bounds
2014-12-19 15:59:00
Integer overflow
2014-12-19 15:59:00
ubuntucve
ubuntucve
CVE-2014-9381
2014-12-19 00:00:00
CVE-2014-9380
2014-12-19 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: ettercap-0.8.1-2.fc19
2015-01-03 19:08:05
[SECURITY] Fedora 21 Update: ettercap-0.8.1-2.fc21
2015-01-03 19:11:42
[SECURITY] Fedora 20 Update: ettercap-0.8.1-2.fc20
2015-01-03 19:07:29
nessus
nessus
Fedora 21 : ettercap-0.8.1-2.fc21 (2014-17090)
2015-01-05 00:00:00
Fedora 22 : ettercap-0.8.2-1.fc22 (2015-4009)
2015-03-23 00:00:00
Fedora 19 : ettercap-0.8.1-2.fc19 (2014-17210)
2015-01-05 00:00:00
securityvulns
securityvulns
&quot;Ettercap 8.0 - 8.1&quot; multiple vulnerabilities
2014-12-22 00:00:00
ettercap multiple security vulnerabilities
2014-12-22 00:00:00
mageia
mageia
Updated ettercap packages fix security vulnerabilities
2015-01-07 19:32:10
gentoo
gentoo
Ettercap: Multiple vulnerabilities
2015-05-13 00:00:00
archlinux
archlinux
ettercap-gtk: multiple issues
2015-03-17 00:00:00
ettercap: multiple issues
2015-03-17 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.9%

JSON
Related for DEBIAN_DLA-126.NASL
debian1openvas9osv1cve2debiancve2cvelist2nvd2prion2ubuntucve2fedora6nessus7securityvulns2mageia1gentoo1archlinux2