Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1445.NASL
HistoryJul 27, 2018 - 12:00 a.m.

Debian DLA-1445-3 : busybox regression update

2018-07-2700:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

It was found that the security update of busybox announced as DLA-1445-1 to prevent the exploitation of CVE-2011-5325, a symlinking attack, was too strict in case of cpio archives. This update restores the old behavior.

For Debian 8 ‘Jessie’, this problem has been fixed in version 1:1.22.0-9+deb8u4.

We recommend that you upgrade your busybox packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1445-3. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(111358);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_name(english:"Debian DLA-1445-3 : busybox regression update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was found that the security update of busybox announced as
DLA-1445-1 to prevent the exploitation of CVE-2011-5325, a symlinking
attack, was too strict in case of cpio archives. This update restores
the old behavior.

For Debian 8 'Jessie', this problem has been fixed in version
1:1.22.0-9+deb8u4.

We recommend that you upgrade your busybox packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2018/08/msg00003.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/busybox"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:busybox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:busybox-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:busybox-syslogd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:busybox-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udhcpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udhcpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"busybox", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"busybox-static", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"busybox-syslogd", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"busybox-udeb", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"udhcpc", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"udhcpd", reference:"1:1.22.0-9+deb8u4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxbusyboxp-cpe:/a:debian:debian_linux:busybox
debiandebian_linuxbusybox-staticp-cpe:/a:debian:debian_linux:busybox-static
debiandebian_linuxbusybox-syslogdp-cpe:/a:debian:debian_linux:busybox-syslogd
debiandebian_linuxbusybox-udebp-cpe:/a:debian:debian_linux:busybox-udeb
debiandebian_linuxudhcpcp-cpe:/a:debian:debian_linux:udhcpc
debiandebian_linuxudhcpdp-cpe:/a:debian:debian_linux:udhcpd
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

Related

debian 3
cve 2
veracode 1
ubuntucve 1
debiancve 1
prion 2
openvas 12
suse 3
nessus 10
osv 2
packetstorm 2
cloudfoundry 1
ubuntu 1
debian
debian
[SECURITY] [DLA 1445-3] busybox regression update
2018-08-03 05:18:54
[SECURITY] [DLA 1445-1] busybox security update
2018-07-27 04:40:00
[SECURITY] [DLA 2559-1] busybox security update
2021-02-15 11:57:08
cve
cve
CVE-2011-5325
2017-08-07 17:29:00
CVE-2022-23227
2022-01-14 18:15:00
veracode
veracode
Directory Traversal
2021-02-15 22:51:22
ubuntucve
ubuntucve
CVE-2011-5325
2017-08-07 00:00:00
debiancve
debiancve
CVE-2011-5325
2017-08-07 17:29:00
prion
prion
Directory traversal
2017-08-07 17:29:00
Design/Logic Flaw
2022-01-14 18:15:00
openvas
openvas
NUUO NVRmini 2 <= 03.11.0000.0016 RCE Vulnerability - Active Check
2022-01-18 00:00:00
openSUSE: Security Advisory for busybox (openSUSE-SU-2021:1408-1)
2021-11-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3531-1)
2021-10-28 00:00:00
suse
suse
Security update for busybox (important)
2021-10-27 00:00:00
Security update for busybox (important)
2021-10-31 00:00:00
Security update for busybox (important)
2022-05-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : busybox (openSUSE-SU-2021:1408-1)
2021-11-01 00:00:00
openSUSE 15 Security Update : busybox (openSUSE-SU-2021:3531-1)
2021-10-28 00:00:00
SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2021:3531-1)
2021-10-28 00:00:00
osv
osv
busybox - security update
2021-02-15 00:00:00
busybox - security update
2018-07-27 00:00:00
packetstorm
packetstorm
ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
2020-08-27 00:00:00
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
2019-06-13 00:00:00
cloudfoundry
cloudfoundry
USN-3935-1: BusyBox vulnerabilities | Cloud Foundry
2019-04-12 00:00:00
ubuntu
ubuntu
BusyBox vulnerabilities
2019-04-03 00:00:00
JSON
Related for DEBIAN_DLA-1445.NASL
debian3cve2veracode1ubuntucve1debiancve1prion2openvas12suse3nessus10osv2packetstorm2cloudfoundry1ubuntu1