Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5231.NASL
HistorySep 20, 2022 - 12:00 a.m.

Debian DSA-5231-1 : connman - security update

2022-09-2000:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5231 advisory.

  • An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
    (CVE-2022-23096)

  • An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. (CVE-2022-23097)

  • An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. (CVE-2022-23098)

  • In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. (CVE-2022-32292)

  • In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. (CVE-2022-32293)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5231. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(165255);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/11");

  script_cve_id(
    "CVE-2022-23096",
    "CVE-2022-23097",
    "CVE-2022-23098",
    "CVE-2022-32292",
    "CVE-2022-32293"
  );

  script_name(english:"Debian DSA-5231-1 : connman - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5231 advisory.

  - An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation
    lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
    (CVE-2022-23096)

  - An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen
    call, leading to an out-of-bounds read. (CVE-2022-23097)

  - An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has
    an infinite loop if no data is received. (CVE-2022-23098)

  - In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to
    exploit a heap-based buffer overflow in received_data to execute code. (CVE-2022-32292)

  - In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a
    use-after-free in WISPR handling, leading to crashes or code execution. (CVE-2022-32293)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004935");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/connman");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2022/dsa-5231");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-23096");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-23097");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-23098");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-32292");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-32293");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/connman");
  script_set_attribute(attribute:"solution", value:
"Upgrade the connman packages.

For the stable distribution (bullseye), these problems have been fixed in version 1.36-2.2+deb11u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23097");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-32292");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:connman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:connman-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:connman-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:connman-vpn");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(11)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'connman', 'reference': '1.36-2.2+deb11u1'},
    {'release': '11.0', 'prefix': 'connman-dev', 'reference': '1.36-2.2+deb11u1'},
    {'release': '11.0', 'prefix': 'connman-doc', 'reference': '1.36-2.2+deb11u1'},
    {'release': '11.0', 'prefix': 'connman-vpn', 'reference': '1.36-2.2+deb11u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (release && prefix && reference) {
    if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'connman / connman-dev / connman-doc / connman-vpn');
}
VendorProductVersionCPE
debiandebian_linuxconnmanp-cpe:/a:debian:debian_linux:connman
debiandebian_linuxconnman-devp-cpe:/a:debian:debian_linux:connman-dev
debiandebian_linuxconnman-docp-cpe:/a:debian:debian_linux:connman-doc
debiandebian_linuxconnman-vpnp-cpe:/a:debian:debian_linux:connman-vpn
debiandebian_linux11.0cpe:/o:debian:debian_linux:11.0

Related

nessus 7
gentoo 1
debian 4
osv 5
openvas 8
mageia 2
redhatcve 1
ubuntu 1
suse 3
cvelist 5
prion 5
cnvd 2
debiancve 5
cve 5
veracode 5
alpinelinux 5
zdi 2
ubuntucve 5
nessus
nessus
GLSA-202310-21 : ConnMan: Multiple Vulnerabilities
2023-10-31 00:00:00
Debian DLA-3144-1 : connman - LTS security update
2022-10-11 00:00:00
Debian DLA-2915-1 : connman - LTS security update
2022-02-09 00:00:00
gentoo
gentoo
ConnMan: Multiple Vulnerabilities
2023-10-31 00:00:00
debian
debian
[SECURITY] [DSA 5231-1] connman security update
2022-09-17 15:56:08
[SECURITY] [DLA 3144-1] connman security update
2022-10-10 18:09:43
[SECURITY] [DLA 2915-1] connman security update
2022-02-09 10:06:05
osv
osv
connman - security update
2022-09-17 00:00:00
connman - security update
2022-10-10 00:00:00
connman - security update
2022-02-09 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5231-1)
2022-09-20 00:00:00
Debian: Security Advisory (DLA-3144-1)
2022-10-11 00:00:00
Mageia: Security Advisory (MGASA-2022-0045)
2022-02-09 00:00:00
mageia
mageia
Updated connman packages fix security vulnerability
2022-02-03 00:29:30
Updated connman packages fix security vulnerability
2022-09-07 08:27:53
redhatcve
redhatcve
CVE-2022-23098
2022-05-20 23:42:48
ubuntu
ubuntu
ConnMan vulnerabilities
2023-07-19 00:00:00
suse
suse
Security update for connman (critical)
2022-08-02 00:00:00
Security update for connman (critical)
2022-09-30 00:00:00
Security update for the Linux Kernel (important)
2022-03-01 00:00:00
cvelist
cvelist
CVE-2022-32293
2022-08-03 00:00:00
CVE-2022-23098
2022-01-28 00:00:00
CVE-2022-23096
2022-01-28 00:00:00
prion
prion
Out-of-bounds
2022-01-28 16:15:00
Out-of-bounds
2022-01-28 16:15:00
Information disclosure
2022-01-28 16:15:00
cnvd
cnvd
intel Connman Information Disclosure Vulnerability
2022-02-09 00:00:00
Intel Connman Information Disclosure Vulnerability (CNVD-2022-09128)
2022-02-09 00:00:00
debiancve
debiancve
CVE-2022-23097
2022-01-28 16:15:00
CVE-2022-23098
2022-01-28 16:15:00
CVE-2022-32293
2022-08-03 14:15:00
cve
cve
CVE-2022-23098
2022-01-28 16:15:00
CVE-2022-23096
2022-01-28 16:15:00
CVE-2022-23097
2022-01-28 16:15:00
veracode
veracode
Denial Of Service (DoS)
2022-02-12 06:01:51
Denial Of Service (DoS)
2022-02-12 06:01:52
Denial Of Service (DoS)
2022-08-31 11:02:25
alpinelinux
alpinelinux
CVE-2022-23096
2022-01-28 16:15:00
CVE-2022-23098
2022-01-28 16:15:00
CVE-2022-23097
2022-01-28 16:15:00
zdi
zdi
(Pwn2Own) ConnMan wispr_portal_web_result wp_object Double Free Remote Code Execution Vulnerability
2022-09-08 00:00:00
(Pwn2Own) ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability
2022-09-08 00:00:00
ubuntucve
ubuntucve
CVE-2022-23098
2022-01-28 00:00:00
CVE-2022-23097
2022-01-28 00:00:00
CVE-2022-23096
2022-01-28 00:00:00
JSON
Related for DEBIAN_DSA-5231.NASL
nessus7gentoo1debian4osv5openvas8mageia2redhatcve1ubuntu1suse3cvelist5prion5cnvd2debiancve5cve5veracode5alpinelinux5zdi2ubuntucve5