Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-3782.NASLHistoryApr 07, 2024 - 12:00 a.m.
Debian dla-3782 : bsdutils - security update
2024-04-0700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
debian 10
multiple vulnerabilities
util-linux
buffer overflow
integer overflow
wall command
setgid permissions
account takeover.
7.7 High
AI Score
Confidence
Low
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3782 advisory.
-
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
(CVE-2021-37600) -
wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users’ terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. (CVE-2024-28085)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3782. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(192962);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/07");
script_cve_id("CVE-2021-37600", "CVE-2024-28085");
script_name(english:"Debian dla-3782 : bsdutils - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-3782 advisory.
- An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker
were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
(CVE-2021-37600)
- wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to
be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are
blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where
this leads to account takeover. (CVE-2024-28085)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/util-linux");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-37600");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-28085");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/util-linux");
script_set_attribute(attribute:"solution", value:
"Upgrade the bsdutils packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37600");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/30");
script_set_attribute(attribute:"patch_publication_date", value:"2024/04/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bsdutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fdisk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libblkid-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libblkid1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfdisk-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libfdisk1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmount-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libmount1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmartcols-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libsmartcols1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libuuid1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mount");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rfkill");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:util-linux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:util-linux-locales");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uuid-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:uuid-runtime");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(10)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '10.0', 'prefix': 'bsdutils', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'fdisk', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'libblkid-dev', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'libblkid1', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'libfdisk-dev', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'libfdisk1', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'libmount-dev', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'libmount1', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'libsmartcols-dev', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'libsmartcols1', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'libuuid1', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'mount', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'rfkill', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'util-linux', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'util-linux-locales', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'uuid-dev', 'reference': '2.33.1-0.1+deb10u1'},
{'release': '10.0', 'prefix': 'uuid-runtime', 'reference': '2.33.1-0.1+deb10u1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var _release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (_release && prefix && reference) {
if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bsdutils / fdisk / libblkid-dev / libblkid1 / libfdisk-dev / libfdisk1 / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | 10.0 | cpe:/o:debian:debian_linux:10.0 |
| debian | debian_linux | util-linux | p-cpe:/a:debian:debian_linux:util-linux |
| debian | debian_linux | bsdutils | p-cpe:/a:debian:debian_linux:bsdutils |
| debian | debian_linux | fdisk | p-cpe:/a:debian:debian_linux:fdisk |
| debian | debian_linux | libblkid-dev | p-cpe:/a:debian:debian_linux:libblkid-dev |
| debian | debian_linux | libblkid1 | p-cpe:/a:debian:debian_linux:libblkid1 |
| debian | debian_linux | libfdisk-dev | p-cpe:/a:debian:debian_linux:libfdisk-dev |
| debian | debian_linux | libfdisk1 | p-cpe:/a:debian:debian_linux:libfdisk1 |
| debian | debian_linux | libmount-dev | p-cpe:/a:debian:debian_linux:libmount-dev |
| debian | debian_linux | libmount1 | p-cpe:/a:debian:debian_linux:libmount1 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28085
packages.debian.org/source/buster/util-linux
security-tracker.debian.org/tracker/CVE-2021-37600
security-tracker.debian.org/tracker/CVE-2024-28085
security-tracker.debian.org/tracker/source-package/util-linux
Related
osv
osv
util-linux - security update
2024-04-07 00:00:00
util-linux vulnerability
2024-04-10 12:24:42
util-linux - security update
2024-03-31 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3782-1)
2024-04-08 00:00:00
Slackware: Security Advisory (SSA:2024-088-02)
2024-03-29 00:00:00
Ubuntu: Security Advisory (USN-6719-2)
2024-04-11 00:00:00
debian
debian
[SECURITY] [DLA 3782-1] util-linux security update
2024-04-07 10:41:20
[SECURITY] [DSA 5650-1] util-linux security update
2024-03-31 11:50:05
mageia
mageia
Updated util-linux packages fix security vulnerability
2024-04-06 22:53:46
Updated util-linux packages fix security vulnerability
2022-02-22 23:15:16
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : util-linux vulnerability (USN-6719-1)
2024-03-27 00:00:00
SUSE SLES15 Security Update : util-linux (SUSE-SU-2024:1106-1)
2024-04-08 00:00:00
EulerOS 2.0 SP10 : util-linux (EulerOS-SA-2024-1604)
2024-05-09 00:00:00
packetstorm
packetstorm
util-linux wall Escape Sequence Injection
2024-03-28 00:00:00
ubuntu
ubuntu
util-linux vulnerability
2024-03-27 00:00:00
util-linux vulnerability
2024-04-10 00:00:00
redos
redos
ROS-20240425-06
2024-04-25 00:00:00
ROS-20240425-07
2024-04-25 00:00:00
ubuntucve
ubuntucve
CVE-2024-28085
2024-03-27 00:00:00
CVE-2021-37600
2021-07-30 00:00:00
githubexploit
githubexploit
Exploit for CVE-2024-28085
2024-03-11 00:15:03
cvelist
cvelist
CVE-2024-28085
2024-03-27 00:00:00
CVE-2021-37600
2021-07-28 00:00:00
veracode
veracode
Escape Sequence Injection
2024-04-08 12:41:53
f5
f5
K000139140 : util-linux vulnerability CVE-2024-28085
2024-04-01 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-28085 affecting package util-linux for versions less than 2.37.4-9
2024-04-19 23:01:58
CVE-2021-37600 affecting package util-linux 2.32.1-7
2021-08-12 21:14:36
alpinelinux
alpinelinux
CVE-2024-28085
2024-03-27 19:15:48
CVE-2021-37600
2021-07-30 14:15:18
redhatcve
redhatcve
CVE-2024-28085
2024-03-27 19:52:40
CVE-2021-37600
2021-07-29 14:25:41
debiancve
debiancve
CVE-2024-28085
2024-03-27 19:15:48
CVE-2021-37600
2021-07-30 14:15:18
slackware
slackware
[slackware-security] util-linux
2024-03-28 21:56:23
cve
cve
CVE-2024-28085
2024-03-27 19:15:48
CVE-2021-37600
2021-07-30 14:15:18
suse
suse
Security update for util-linux (moderate)
2021-10-20 00:00:00
Security update for util-linux (moderate)
2021-11-02 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0424
2021-08-13 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-2.0-0379
2021-08-18 00:00:00
Critical Photon OS Security Update - PHSA-2021-0081
2021-08-17 00:00:00
prion
prion
Integer overflow
2021-07-30 14:15:00
cnvd
cnvd
util-linux input validation error vulnerability
2021-08-03 00:00:00
amazon
amazon
Low: util-linux
2023-01-30 16:02:00
thn
thn
New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking
2024-03-29 10:49:00
gentoo
gentoo
util-linux: Multiple Vulnerabilities
2024-01-07 00:00:00
ibm
ibm
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00