| Reporter | Title | Published | Views | Family All 61 |
|---|---|---|---|---|
| Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM) | 31 Jan 201902:25 | – | ibm | |
| CVE-2016-6318 | 7 Sep 201619:00 | – | alpinelinux | |
| cracklib Local Stack Buffer Overflow Vulnerability | 17 Aug 201600:00 | – | cnvd | |
| CVE-2016-6318 | 7 Sep 201619:00 | – | cve | |
| CVE-2016-6318 | 7 Sep 201619:00 | – | cvelist | |
| [SECURITY] [DLA 2220-1] cracklib2 security update | 24 May 202017:44 | – | debian | |
| [SECURITY] [DLA 599-1] cracklib2 security update | 20 Aug 201616:58 | – | debian | |
| CVE-2016-6318 | 7 Sep 201619:00 | – | debiancve | |
| Debian DLA-2220-1 : cracklib2 security update | 26 May 202000:00 | – | nessus | |
| Debian DLA-599-1 : cracklib2 security update | 22 Aug 201600:00 | – | nessus |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(131593);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/08");
script_cve_id("CVE-2016-6318");
script_name(english:"EulerOS 2.0 SP2 : cracklib (EulerOS-SA-2019-2439)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the cracklib packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :
- CrackLib tests passwords to determine whether they
match certain security-oriented characteristics, with
the purpose of stopping users from choosing passwords
that are easy to guess. CrackLib performs several tests
on passwords: it tries to generate words from a
username and gecos entry and checks those words against
the password it checks for simplistic patterns in
passwords and it checks for the password in a
dictionary.CrackLib is actually a library containing a
particular C function which is used to check the
password, as well as other C functions. CrackLib is not
a replacement for a passwd program it must be used in
conjunction with an existing passwd program.Install the
cracklib package if you need a program to check users'
passwords to see if they are at least minimally secure.
If you install CrackLib, you will also want to install
the cracklib-dicts package.Security Fix(es):Stack-based
buffer overflow in the FascistGecosUser function in
lib/fascist.c in cracklib allows local users to cause a
denial of service (application crash) or gain
privileges via a long GECOS field, involving
longbuffer.(CVE-2016-6318)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2439
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e440798");
script_set_attribute(attribute:"solution", value:
"Update the affected cracklib package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6318");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cracklib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cracklib-dicts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["cracklib-2.9.0-11.h1",
"cracklib-dicts-2.9.0-11.h1"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation