CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence: Low
EPSS
Percentile: 73.8%
libplist is a library for reading and writing the Apple binary and XML property lists format. It’s part of the libimobiledevice stack, providing access to iDevices (iPod, iPhone, iPad …).
CVE-2017-5209
The base64decode function in base64.c allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
CVE-2017-5545
The main function in plistutil.c allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short.
CVE-2017-5834
The parse_dict_node function in bplist.c allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.
CVE-2017-5835
libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero.
CVE-2017-6435
The parse_string_node function in bplist.c allows local users to cause a denial of service (memory corruption) via a crafted plist file.
CVE-2017-6436
The parse_string_node function in bplist.c allows local users to cause a denial of service (memory allocation error) via a crafted plist file.
CVE-2017-6439
Heap-based buffer overflow in the parse_string_node function in bplist.c allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file.
CVE-2017-7982
Integer overflow in the plist_from_bin function in bplist.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted plist file.
For Debian 8 ‘Jessie’, these problems have been fixed in version 1.11-3+deb8u1.
We recommend that you upgrade your libplist packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2168-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(135190);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/19");
  script_cve_id(
    "CVE-2017-5209",
    "CVE-2017-5545",
    "CVE-2017-5834",
    "CVE-2017-5835",
    "CVE-2017-6435",
    "CVE-2017-6436",
    "CVE-2017-6439",
    "CVE-2017-7982"
  );
  script_name(english:"Debian DLA-2168-1 : libplist security update");
  script_set_attribute(attribute:"synopsis", value:
    "The remote Debian host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"libplist is a library for reading and writing the Apple binary and XML
property lists format. It's part of the libimobiledevice stack,
providing access to iDevices (iPod, iPhone, iPad ...).
CVE-2017-5209
The base64decode function in base64.c allows attackers to obtain
sensitive information from process memory or cause a denial of service
(buffer over-read) via split encoded Apple Property List data.
CVE-2017-5545
The main function in plistutil.c allows attackers to obtain sensitive
information from process memory or cause a denial of service (buffer
over-read) via Apple Property List data that is too short.
CVE-2017-5834
The parse_dict_node function in bplist.c allows attackers to cause a
denial of service (out-of-bounds heap read and crash) via a crafted
file.
CVE-2017-5835
libplist allows attackers to cause a denial of service (large memory
allocation and crash) via vectors involving an offset size of zero.
CVE-2017-6435
The parse_string_node function in bplist.c allows local users to cause
a denial of service (memory corruption) via a crafted plist file.
CVE-2017-6436
The parse_string_node function in bplist.c allows local users to cause
a denial of service (memory allocation error) via a crafted plist
file.
CVE-2017-6439
Heap-based buffer overflow in the parse_string_node function in
bplist.c allows local users to cause a denial of service
(out-of-bounds write) via a crafted plist file.
CVE-2017-7982
Integer overflow in the plist_from_bin function in bplist.c allows
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted plist file.
For Debian 8 'Jessie', these problems have been fixed in version
1.11-3+deb8u1.
We recommend that you upgrade your libplist packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/libplist");
  script_set_attribute(attribute:"solution", value:
    "Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5545");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/03");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libplist++-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libplist++2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libplist-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libplist-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libplist-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libplist-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libplist2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-plist");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
  exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"8.0", prefix:"libplist++-dev", reference:"1.11-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libplist++2", reference:"1.11-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libplist-dbg", reference:"1.11-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libplist-dev", reference:"1.11-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libplist-doc", reference:"1.11-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libplist-utils", reference:"1.11-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"libplist2", reference:"1.11-3+deb8u1")) flag++;
if (deb_check(release:"8.0", prefix:"python-plist", reference:"1.11-3+deb8u1")) flag++;
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
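The package check above, sketched as an added Python example (not Tenable's code, and not a description of how deb_check is implemented): it applies Debian's version ordering to `dpkg -l` output and reports listed packages installed below the fixed version 1.11-3+deb8u1. The function names and the sample `dpkg -l` lines are constructed for illustration.

```python
import re

FIXED = "1.11-3+deb8u1"  # fixed version for Debian 8, taken from the advisory
PACKAGES = {"libplist++-dev", "libplist++2", "libplist-dbg", "libplist-dev",
            "libplist-doc", "libplist-utils", "libplist2", "python-plist"}
# Constructed `dpkg -l` lines for illustration, not output from a real host.
SAMPLE = """\
ii  libplist2:amd64    1.11-3              amd64  (constructed)
ii  libplist-utils     1.11-3+deb8u1       amd64  (constructed)
ii  python-plist       1.11-3+deb8u1~test1 amd64  (constructed)
rc  libplist-dev       1.11-2              amd64  (constructed)
"""

def _order(c):
    # 0 for a digit or end-of-string; '~' sorts lowest; letters before symbols
    if c == "" or "0" <= c <= "9":
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings by alternating non-digit/digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while _order(a[i:i + 1]) or _order(b[j:j + 1]):  # a non-digit char remains
            x, y = _order(a[i:i + 1]), _order(b[j:j + 1])
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        m, n = (re.match(r"[0-9]*", s).group() for s in (a[i:], b[j:]))
        p, q = int(m or 0), int(n or 0)  # numeric compare ignores leading zeros
        if p != q:
            return -1 if p < q else 1
        i, j = i + len(m), j + len(n)
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 per Debian's epoch:upstream-revision ordering."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def outdated(dpkg_l_text):
    """List (package, version) pairs installed ('ii') below the fixed version."""
    rows = (l.split() for l in dpkg_l_text.splitlines())
    rows = ((f[1].split(":")[0], f[2]) for f in rows if len(f) >= 3 and f[0] == "ii")
    return [(p, v) for p, v in rows if p in PACKAGES and deb_cmp(v, FIXED) < 0]
```

The `~` suffix case shows why a plain string or tuple comparison is not enough: a version carrying `~` after the fixed string sorts before it and is still reported.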
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5545
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5834
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5835
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6435
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6436
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6439
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7982
lists.debian.org/debian-lts-announce/2020/04/msg00002.html
packages.debian.org/source/jessie/libplist