Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3829.NASL
HistoryApr 13, 2017 - 12:00 a.m.

Debian DSA-3829-1 : bouncycastle - security update

2017-04-1300:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

Quan Nguyen discovered that a missing boundary check in the Galois/Counter mode implementation of Bouncy Castle (a Java implementation of cryptographic algorithms) may result in information disclosure.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3829. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99318);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-6644");
  script_xref(name:"DSA", value:"3829");

  script_name(english:"Debian DSA-3829-1 : bouncycastle - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Quan Nguyen discovered that a missing boundary check in the
Galois/Counter mode implementation of Bouncy Castle (a Java
implementation of cryptographic algorithms) may result in information
disclosure."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/bouncycastle"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2017/dsa-3829"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the bouncycastle packages.

For the stable distribution (jessie), this problem has been fixed in
version 1.49+dfsg-3+deb8u2.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 1.54-1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bouncycastle");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libbcmail-java", reference:"1.49+dfsg-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libbcmail-java-doc", reference:"1.49+dfsg-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libbcpg-java", reference:"1.49+dfsg-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libbcpg-java-doc", reference:"1.49+dfsg-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libbcpkix-java", reference:"1.49+dfsg-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libbcpkix-java-doc", reference:"1.49+dfsg-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libbcprov-java", reference:"1.49+dfsg-3+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libbcprov-java-doc", reference:"1.49+dfsg-3+deb8u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxbouncycastlep-cpe:/a:debian:debian_linux:bouncycastle
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

Related

cve 1
ubuntucve 1
osv 2
debiancve 1
veracode 1
nessus 7
openvas 5
prion 1
debian 2
fedora 1
redhat 6
ubuntu 1
ibm 3
androidsecurity 1
cve
cve
CVE-2015-6644
2016-01-06 19:59:00
ubuntucve
ubuntucve
CVE-2015-6644
2016-01-06 00:00:00
osv
osv
bouncycastle - security update
2017-04-10 00:00:00
bouncycastle - security update
2017-04-11 00:00:00
debiancve
debiancve
CVE-2015-6644
2016-01-06 19:59:00
veracode
veracode
Information Disclosure
2017-04-11 01:56:16
nessus
nessus
Fedora 24 : bouncycastle (2017-4c3ac44551)
2017-05-02 00:00:00
Debian DLA-893-1 : bouncycastle security update
2017-04-11 00:00:00
RHEL 6 : JBoss EAP (RHSA-2017:2809)
2017-09-28 00:00:00
openvas
openvas
Fedora Update for bouncycastle FEDORA-2017-4c3ac44551
2017-05-03 00:00:00
Debian: Security Advisory (DSA-3829-1)
2017-04-10 00:00:00
Debian: Security Advisory (DLA-893-1)
2018-01-16 00:00:00
prion
prion
Information disclosure
2016-01-06 19:59:00
debian
debian
[SECURITY] [DLA 893-1] bouncycastle security update
2017-04-10 19:16:42
[SECURITY] [DSA 3829-1] bouncycastle security update
2017-04-11 20:45:09
fedora
fedora
[SECURITY] Fedora 24 Update: bouncycastle-1.52-9.fc24
2017-05-02 00:24:48
redhat
redhat
(RHSA-2017:2808) Important: Red Hat JBoss Enterprise Application Platform security update
2017-09-26 17:22:47
(RHSA-2017:2809) Important: Red Hat JBoss Enterprise Application Platform security update
2017-09-26 17:22:51
(RHSA-2017:2811) Important: eap7-jboss-ec2-eap security update
2017-09-26 18:58:39
ubuntu
ubuntu
Bouncy Castle vulnerabilities
2018-08-01 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis
2021-04-16 15:46:15
Security Bulletin: Multiple vulnerabilities in The Bouncy Castle Crypto Package For Java affect IBM Application Performance Management products
2023-09-25 09:11:08
Log Analysis Security Bulletin List
2021-09-01 11:04:11
androidsecurity
androidsecurity
Nexus Security Bulletin—January 2016
2016-01-04 00:00:00
JSON
Related for DEBIAN_DSA-3829.NASL
cve1ubuntucve1osv2debiancve1veracode1nessus7openvas5prion1debian2fedora1redhat6ubuntu1ibm3androidsecurity1