Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-669.NASL
HistoryOct 20, 2016 - 12:00 a.m.

Debian DLA-669-1 : dwarfutils security update

2016-10-2000:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.1%

JSON

Several vulnerabilities were discovered in dwarfutils, a tool and library for reading/consuming and writing/producing DWARF debugging information. The Common Vulnerabilities and Exposures project identifies the following issues :

CVE-2015-8538

A specially crafted ELF file can cause a segmentation fault.

CVE-2015-8750

A specially crafted ELF file can cause a NULL pointer dereference.

CVE-2016-2050

Out-of-bounds write

CVE-2016-2091

Out-of-bounds read

CVE-2016-5034

Out-of-bounds write

CVE-2016-5036

Out-of-bounds read

CVE-2016-5038

Out-of-bounds read

CVE-2016-5039

Out-of-bounds read

CVE-2016-5042

A specially crafted DWARF section can cause an infinite loop, reading from increasing memory addresses until the application crashes.

For Debian 7 ‘Wheezy’, these problems have been fixed in version 20120410-2+deb7u2.

We recommend that you upgrade your dwarfutils packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-669-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(94143);
  script_version("2.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-8538", "CVE-2015-8750", "CVE-2016-2050", "CVE-2016-2091", "CVE-2016-5034", "CVE-2016-5036", "CVE-2016-5038", "CVE-2016-5039", "CVE-2016-5042");

  script_name(english:"Debian DLA-669-1 : dwarfutils security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were discovered in dwarfutils, a tool and
library for reading/consuming and writing/producing DWARF debugging
information. The Common Vulnerabilities and Exposures project
identifies the following issues :

CVE-2015-8538

A specially crafted ELF file can cause a segmentation fault.

CVE-2015-8750

A specially crafted ELF file can cause a NULL pointer dereference.

CVE-2016-2050

Out-of-bounds write

CVE-2016-2091

Out-of-bounds read

CVE-2016-5034

Out-of-bounds write

CVE-2016-5036

Out-of-bounds read

CVE-2016-5038

Out-of-bounds read

CVE-2016-5039

Out-of-bounds read

CVE-2016-5042

A specially crafted DWARF section can cause an infinite loop, reading
from increasing memory addresses until the application crashes.

For Debian 7 'Wheezy', these problems have been fixed in version
20120410-2+deb7u2.

We recommend that you upgrade your dwarfutils packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2016/10/msg00024.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/dwarfutils"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Upgrade the affected dwarfdump, and libdwarf-dev packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dwarfdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdwarf-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"dwarfdump", reference:"20120410-2+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"libdwarf-dev", reference:"20120410-2+deb7u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxdwarfdumpp-cpe:/a:debian:debian_linux:dwarfdump
debiandebian_linuxlibdwarf-devp-cpe:/a:debian:debian_linux:libdwarf-dev
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

Related

debian 2
osv 3
openvas 5
nessus 7
fedora 1
cvelist 9
nvd 9
cve 9
alpinelinux 1
ubuntucve 9
veracode 2
prion 9
debiancve 9
archlinux 2
redhatcve 5
rosalinux 1
debian
debian
[SECURITY] [DLA 669-1] dwarfutils security update
2016-10-19 14:57:04
[SECURITY] [DLA 388-1] dwarfutils security update
2016-01-15 10:26:50
osv
osv
dwarfutils - security update
2016-10-19 00:00:00
CVE-2015-8538
2017-06-07 20:29:00
dwarfutils - security update
2016-01-15 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-669-1)
2023-03-08 00:00:00
Huawei EulerOS: Security Advisory for libdwarf (EulerOS-SA-2019-2204)
2020-01-23 00:00:00
Fedora Update for libdwarf FEDORA-2016-f36c5935e5
2016-06-08 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : libdwarf (EulerOS-SA-2019-2204)
2019-11-08 00:00:00
Fedora 24 : libdwarf (2016-f36c5935e5)
2016-07-14 00:00:00
RHEL 6 : libdwarf (Unpatched Vulnerability)
2024-06-03 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: libdwarf-20160507-1.fc24
2016-05-12 16:19:22
cvelist
cvelist
CVE-2015-8538
2017-06-07 20:00:00
CVE-2015-8750
2017-02-13 18:00:00
CVE-2016-5042
2017-02-17 17:00:00
nvd
nvd
CVE-2015-8538
2017-06-07 20:29:00
CVE-2015-8750
2017-02-13 18:59:00
CVE-2016-2050
2017-01-31 19:59:00
cve
cve
CVE-2015-8538
2017-06-07 20:29:00
CVE-2016-5042
2017-02-17 17:59:00
CVE-2016-5038
2017-02-17 17:59:00
alpinelinux
alpinelinux
CVE-2015-8538
2017-06-07 20:29:00
ubuntucve
ubuntucve
CVE-2015-8538
2017-06-07 00:00:00
CVE-2015-8750
2017-02-13 00:00:00
CVE-2016-5038
2017-02-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-08-01 06:46:19
Denial Of Service (DoS)
2018-08-01 05:45:58
prion
prion
Design/Logic Flaw
2017-06-07 20:29:00
Null pointer dereference
2017-02-13 18:59:00
Out-of-bounds
2017-01-31 19:59:00
debiancve
debiancve
CVE-2015-8538
2017-06-07 20:29:00
CVE-2015-8750
2017-02-13 18:59:00
CVE-2016-5038
2017-02-17 17:59:00
archlinux
archlinux
libdwarf: denial of service
2016-01-21 00:00:00
libdwarf: arbitrary code execution
2016-06-25 00:00:00
redhatcve
redhatcve
CVE-2016-5038
2016-05-26 13:19:04
CVE-2016-5042
2016-05-26 13:48:53
CVE-2016-5036
2016-05-26 13:18:53
rosalinux
rosalinux
Advisory ROSA-SA-2021-1866
2021-07-02 17:13:15

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

68.1%

JSON
Related for DEBIAN_DLA-669.NASL
debian2osv3openvas5nessus7fedora1cvelist9nvd9cve9alpinelinux1ubuntucve9veracode2prion9debiancve9archlinux2redhatcve5rosalinux1