Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3056.NASL
HistoryOct 27, 2014 - 12:00 a.m.

Debian DSA-3056-1 : libtasn1-3 - security update

2014-10-2700:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

Several vulnerabilities were discovered in libtasn1-3, a library that manages ASN1 (Abstract Syntax Notation One) structures. An attacker could use those to cause a denial-of-service via out-of-bounds access or NULL pointer dereference.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3056. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(78681);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-3467", "CVE-2014-3468", "CVE-2014-3469");
  script_bugtraq_id(67745, 67748, 67749);
  script_xref(name:"DSA", value:"3056");

  script_name(english:"Debian DSA-3056-1 : libtasn1-3 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were discovered in libtasn1-3, a library that
manages ASN1 (Abstract Syntax Notation One) structures. An attacker
could use those to cause a denial-of-service via out-of-bounds access
or NULL pointer dereference."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/libtasn1-3"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2014/dsa-3056"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the libtasn1-3 packages.

For the stable distribution (wheezy), these problems have been fixed
in version 2.13-2+deb7u1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtasn1-3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"libtasn1-3", reference:"2.13-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libtasn1-3-bin", reference:"2.13-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libtasn1-3-dbg", reference:"2.13-2+deb7u1")) flag++;
if (deb_check(release:"7.0", prefix:"libtasn1-3-dev", reference:"2.13-2+deb7u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxlibtasn1-3p-cpe:/a:debian:debian_linux:libtasn1-3
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

Related

suse 6
nessus 25
osv 1
openvas 26
debian 2
fedora 2
redhat 4
oraclelinux 3
mageia 1
amazon 1
slackware 2
gentoo 1
centos 2
ubuntu 1
veracode 4
f5 2
securityvulns 2
rosalinux 1
cve 3
debiancve 3
ubuntucve 3
prion 3
suse
suse
Security update for libtasn1 (important)
2014-07-24 03:05:20
Security update for GnuTLS (important)
2014-06-13 20:04:13
Security update for GnuTLS (important)
2014-06-13 02:04:36
nessus
nessus
Amazon Linux AMI : libtasn1 (ALAS-2014-359)
2014-10-12 00:00:00
Scientific Linux Security Update : libtasn1 on SL6.x i386/x86_64 (20140603)
2014-06-04 00:00:00
Fedora 20 : libtasn1-3.6-1.fc20 (2014-6895)
2014-06-05 00:00:00
osv
osv
libtasn1-3 - security update
2014-10-26 00:00:00
openvas
openvas
CentOS Update for libtasn1 CESA-2014:0596 centos6
2014-06-09 00:00:00
SUSE: Security Advisory for libtasn1 (SUSE-SU-2014:0931-1)
2015-10-13 00:00:00
Fedora Update for libtasn1 FEDORA-2014-6895
2014-06-09 00:00:00
debian
debian
[SECURITY] [DLA 77-1] libtasn1-3 security update
2014-10-26 13:15:15
[SECURITY] [DSA 3056-1] libtasn1-3 security update
2014-10-26 12:44:20
fedora
fedora
[SECURITY] Fedora 19 Update: libtasn1-3.6-1.fc19
2014-06-10 03:06:24
[SECURITY] Fedora 20 Update: libtasn1-3.6-1.fc20
2014-06-04 07:52:16
redhat
redhat
(RHSA-2014:0596) Moderate: libtasn1 security update
2014-06-03 00:00:00
(RHSA-2014:0687) Moderate: libtasn1 security update
2014-06-10 00:00:00
(RHSA-2014:0594) Important: gnutls security update
2014-06-03 00:00:00
oraclelinux
oraclelinux
libtasn1 security update
2014-07-23 00:00:00
libtasn1 security update
2014-06-03 00:00:00
gnutls security update
2014-06-03 00:00:00
mageia
mageia
Updated libtasn1 packages fix CVE-2014-3467-9
2014-06-02 22:44:30
amazon
amazon
Medium: libtasn1
2014-06-15 16:22:00
slackware
slackware
[slackware-security] libtasn1
2014-06-06 05:26:49
[slackware-security] gnutls
2014-06-06 05:26:16
gentoo
gentoo
GNU Libtasn1: Multiple vulnerabilities
2014-08-29 00:00:00
centos
centos
libtasn1 security update
2014-06-04 10:04:23
gnutls security update
2014-06-04 09:31:23
ubuntu
ubuntu
Libtasn1 vulnerabilities
2014-07-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:03:32
Out-of-Bounds Access
2018-08-13 08:27:26
Denial Of Service (DoS) Through Out-of-Bounds Read
2018-08-13 08:56:21
f5
f5
SOL15423 - GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468
2014-07-17 00:00:00
K15423 : GNU Libtasn1 vulnerabilities CVE-2014-3467 and CVE-2014-3468
2014-07-17 00:00:00
securityvulns
securityvulns
[oss-security] GnuTLS and libtasn1 security fixes
2014-06-02 00:00:00
GnuTLS and libtasn1 multiple security vulnerabilities
2014-06-02 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1847
2021-07-02 16:58:09
cve
cve
CVE-2014-3469
2014-06-05 20:55:00
CVE-2014-3467
2014-06-05 20:55:00
CVE-2014-3468
2014-06-05 20:55:00
debiancve
debiancve
CVE-2014-3469
2014-06-05 20:55:00
CVE-2014-3467
2014-06-05 20:55:00
CVE-2014-3468
2014-06-05 20:55:00
ubuntucve
ubuntucve
CVE-2014-3469
2014-06-05 00:00:00
CVE-2014-3467
2014-06-05 00:00:00
CVE-2014-3468
2014-06-05 00:00:00
prion
prion
Null pointer dereference
2014-06-05 20:55:00
Out-of-bounds
2014-06-05 20:55:00
Out-of-bounds
2014-06-05 20:55:00
JSON
Related for DEBIAN_DSA-3056.NASL
suse6nessus25osv1openvas26debian2fedora2redhat4oraclelinux3mageia1amazon1slackware2gentoo1centos2ubuntu1veracode4f52securityvulns2rosalinux1cve3debiancve3ubuntucve3prion3