{"id": "EULEROS_SA-2020-1563.NASL", "bulletinFamily": "scanner", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : gnupg2 (EulerOS-SA-2020-1563)", "description": "According to the versions of the gnupg2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2020-05-01T00:00:00", "modified": "2020-05-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/136266", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?44222924"], "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "type": "nessus", "lastseen": "2021-01-07T09:04:20", "edition": 5, "viewCount": 38, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-1607", "CVE-2015-1606"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703184", "OPENVAS:1361412562310120284", "OPENVAS:1361412562311220201489", "OPENVAS:1361412562311220201104", "OPENVAS:1361412562311220201563", "OPENVAS:703184", "OPENVAS:1361412562310842153", "OPENVAS:1361412562310105248"]}, {"type": "nessus", "idList": ["OPENSUSE-2015-886.NASL", "EULEROS_SA-2020-1104.NASL", "EULEROS_SA-2020-1489.NASL", "OPENSUSE-2015-840.NASL", "SUSE_SU-2015-2170-1.NASL", "UBUNTU_USN-2554-1.NASL", "EULEROS_SA-2020-2089.NASL", "SUSE_SU-2015-2171-2.NASL", "EULEROS_SA-2020-2348.NASL", "SUSE_SU-2015-2171-1.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31780", "SECURITYVULNS:DOC:31892", "SECURITYVULNS:VULN:14304"]}, {"type": "ubuntu", "idList": ["USN-2554-1"]}, {"type": "amazon", "idList": ["ALAS-2015-574"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3184-1:FCB5B", "DEBIAN:DLA-175-1:C3EFD"]}], "modified": "2021-01-07T09:04:20", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-01-07T09:04:20", "rev": 2}, "vulnersScore": 5.8}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136266);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-1606\",\n \"CVE-2015-1607\"\n );\n script_bugtraq_id(\n 72609,\n 72610\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : gnupg2 (EulerOS-SA-2020-1563)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gnupg2 package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1563\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?44222924\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnupg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"gnupg2-2.0.22-5.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "136266", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:gnupg2"], "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "scheme": null}

{"cve": [{"lastseen": "2021-02-02T06:21:21", "description": "The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-20T19:15:00", "title": "CVE-2015-1606", "type": "cve", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1606"], "modified": "2019-11-22T16:33:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "id": "CVE-2015-1606", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1606", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:21:21", "description": "kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and \"memcpy with overlapping ranges.\"", "edition": 7, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-20T19:15:00", "title": "CVE-2015-1607", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1607"], "modified": "2019-11-22T16:19:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "CVE-2015-1607", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1607", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "openvas": [{"lastseen": "2020-05-06T01:04:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-30T00:00:00", "published": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562311220201563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201563", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1563)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1563\");\n script_version(\"2020-04-30T12:13:47+0000\");\n script_cve_id(\"CVE-2015-1606\", \"CVE-2015-1607\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 12:13:47 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 12:13:47 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1563)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1563\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1563\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2020-1563 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and 'memcpy with overlapping ranges.'(CVE-2015-1607)\n\nThe keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.(CVE-2015-1606)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.22~5.h2\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-02-26T16:48:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-24T00:00:00", "published": "2020-02-24T00:00:00", "id": "OPENVAS:1361412562311220201104", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201104", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1104)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1104\");\n script_version(\"2020-02-24T09:05:03+0000\");\n script_cve_id(\"CVE-2015-1606\", \"CVE-2015-1607\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-24 09:05:03 +0000 (Mon, 24 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-24 09:05:03 +0000 (Mon, 24 Feb 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1104)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1104\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1104\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2020-1104 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and 'memcpy with overlapping ranges.'(CVE-2015-1607)\n\nThe keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.(CVE-2015-1606)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.22~5.h2.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-17T17:03:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2014-4617", "CVE-2015-1607"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-16T00:00:00", "published": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201489", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201489", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1489)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1489\");\n script_version(\"2020-04-16T05:58:22+0000\");\n script_cve_id(\"CVE-2014-4617\", \"CVE-2015-1606\", \"CVE-2015-1607\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:58:22 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:58:22 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2020-1489)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.2\\.2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1489\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1489\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2020-1489 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.(CVE-2014-4617)\n\nkbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and 'memcpy with overlapping ranges.'(CVE-2015-1607)\n\nThe keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file.(CVE-2015-1606)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS Virtualization 3.0.2.2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.2.2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.22~5.h2.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.2.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-19T16:05:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5270", "CVE-2015-1606", "CVE-2015-1607", "CVE-2015-0837", "CVE-2014-3591"], "description": "The remote host is missing an update for the ", "modified": "2019-12-18T00:00:00", "published": "2015-04-02T00:00:00", "id": "OPENVAS:1361412562310842153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842153", "type": "openvas", "title": "Ubuntu Update for gnupg USN-2554-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for gnupg USN-2554-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842153\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-04-02 07:13:20 +0200 (Thu, 02 Apr 2015)\");\n script_cve_id(\"CVE-2014-3591\", \"CVE-2015-0837\", \"CVE-2015-1606\", \"CVE-2015-1607\",\n \"CVE-2014-5270\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for gnupg USN-2554-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnupg'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Daniel Genkin, Lev Pachmanov, Itamar Pipman,\nand Eran Tromer discovered that GnuPG was susceptible to an attack via physical\nside channels. A local attacker could use this attack to possibly recover private keys.\n(CVE-2014-3591)\n\nDaniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was\nsusceptible to an attack via physical side channels. A local attacker could\nuse this attack to possibly recover private keys. (CVE-2015-0837)\n\nHanno B&#246 ck discovered that GnuPG incorrectly handled certain malformed\nkeyrings. If a user or automated system were tricked into opening a\nmalformed keyring, a remote attacker could use this issue to cause GnuPG to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2015-1606, CVE-2015-1607)\n\nIn addition, this update improves GnuPG security by validating that the\nkeys returned by keyservers match those requested.\");\n script_tag(name:\"affected\", value:\"gnupg on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2554-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2554-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.16-1.2ubuntu1.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gnupg2\", ver:\"2.0.24-1ubuntu2.2\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.16-1ubuntu2.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gnupg2\", ver:\"2.0.22-3ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.11-3ubuntu2.9\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"gnupg2\", ver:\"2.0.17-2ubuntu2.12.04.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.10-2ubuntu1.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-17T22:58:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120284", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120284", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-574)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120284\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:22:40 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-574)\");\n script_tag(name:\"insight\", value:\"It was reported that gnupg2 keyring DB code did not reject packets which don't belong into a keyring, which may lead to invalid read of sizeof (int).\");\n script_tag(name:\"solution\", value:\"Run yum update gnupg2 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-574.html\");\n script_cve_id(\"CVE-2015-1606\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2-debuginfo\", rpm:\"gnupg2-debuginfo~2.0.28~1.30.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.28~1.30.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2-smime\", rpm:\"gnupg2-smime~2.0.28~1.30.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-19T16:04:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-0837", "CVE-2014-3591"], "description": "The remote host is missing an update for gnupg (erratum 137)", "modified": "2019-12-18T00:00:00", "published": "2015-04-09T00:00:00", "id": "OPENVAS:1361412562310105248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105248", "type": "openvas", "title": "Univention Corporate Server 4.0 erratum 137", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Univention Corporate Server 4.0 erratum 137\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:univention:univention_corporate_server';\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105248\");\n script_cve_id(\"CVE-2015-1606\", \"CVE-2014-3591\", \"CVE-2015-0837\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_name(\"Univention Corporate Server 4.0 erratum 137\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-04-09 10:44:33 +0200 (Thu, 09 Apr 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"General\");\n script_copyright(\"This script is Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ucs/errata\", \"ucs/version\");\n\n script_xref(name:\"URL\", value:\"http://errata.univention.de/ucs/4.0/137.html\");\n\n script_tag(name:\"vuldetect\", value:\"Checks for missing patches.\");\n\n script_tag(name:\"insight\", value:\"Multiple security issues have been found in GnuPG:\n\n * use after free when using non-standard keyring (CVE-2015-1606)\n\n * Side-channel attack on El-Gamal keys (CVE-2014-3591)\n\n * Side-channel attack in the mpi_pow() function (CVE-2015-0837)\");\n\n script_tag(name:\"solution\", value:\"Apply the missing patch(es).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for gnupg (erratum 137)\");\n\n script_tag(name:\"affected\", value:\"Univention Corporate Server 4.0 erratum < 137\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n if( ! version = get_kb_item(\"ucs/version\") ) exit( 0 );\n\nif( version !~ \"^4\\.0\" ) exit( 0 );\n\nif( ! errata = get_kb_item( \"ucs/errata\" ) ) exit( 0 );\n\nif( int( errata ) < 137 ) {\n\n report = 'UCS version: ' + version + '\\n' +\n 'Last installed errata: ' + errata + '\\n' +\n 'Fixed errata: 137\\n';\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-19T16:04:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-0837", "CVE-2014-3591"], "description": "Multiple vulnerabilities were discovered\nin GnuPG, the GNU Privacy Guard:\n\nCVE-2014-3591\nThe Elgamal decryption routine was susceptible to a side-channel\nattack discovered by researchers of Tel Aviv University. Ciphertext\nblinding was enabled to counteract it. Note that this may have a\nquite noticeable impact on Elgamal decryption performance.\n\nCVE-2015-0837\nThe modular exponentiation routine mpi_powm() was susceptible to a\nside-channel attack caused by data-dependent timing variations when\naccessing its internal pre-computed table.\n\nCVE-2015-1606\nThe keyring parsing code did not properly reject certain packet\ntypes not belonging in a keyring, which caused an access to memory\nalready freed. This could allow remote attackers to cause a denial\nof service (crash) via crafted keyring files.", "modified": "2019-12-18T00:00:00", "published": "2015-03-12T00:00:00", "id": "OPENVAS:1361412562310703184", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703184", "type": "openvas", "title": "Debian Security Advisory DSA 3184-1 (gnupg - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# Auto-generated from advisory DSA 3184-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703184\");\n script_version(\"2019-12-18T09:57:42+0000\");\n script_cve_id(\"CVE-2014-3591\", \"CVE-2015-0837\", \"CVE-2015-1606\");\n script_name(\"Debian Security Advisory DSA 3184-1 (gnupg - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-12-18 09:57:42 +0000 (Wed, 18 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2015-03-12 00:00:00 +0100 (Thu, 12 Mar 2015)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3184.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"gnupg on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.4.12-7+deb7u7.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.4.18-7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.18-7.\n\nWe recommend that you upgrade your gnupg packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered\nin GnuPG, the GNU Privacy Guard:\n\nCVE-2014-3591\nThe Elgamal decryption routine was susceptible to a side-channel\nattack discovered by researchers of Tel Aviv University. Ciphertext\nblinding was enabled to counteract it. Note that this may have a\nquite noticeable impact on Elgamal decryption performance.\n\nCVE-2015-0837\nThe modular exponentiation routine mpi_powm() was susceptible to a\nside-channel attack caused by data-dependent timing variations when\naccessing its internal pre-computed table.\n\nCVE-2015-1606\nThe keyring parsing code did not properly reject certain packet\ntypes not belonging in a keyring, which caused an access to memory\nalready freed. This could allow remote attackers to cause a denial\nof service (crash) via crafted keyring files.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.12-7+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnupg-curl\", ver:\"1.4.12-7+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gpgv\", ver:\"1.4.12-7+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gpgv-win32\", ver:\"1.4.12-7+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:53:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-0837", "CVE-2014-3591"], "description": "Multiple vulnerabilities were discovered\nin GnuPG, the GNU Privacy Guard:\n\nCVE-2014-3591 \nThe Elgamal decryption routine was susceptible to a side-channel\nattack discovered by researchers of Tel Aviv University. Ciphertext\nblinding was enabled to counteract it. Note that this may have a\nquite noticeable impact on Elgamal decryption performance.\n\nCVE-2015-0837 \nThe modular exponentiation routine mpi_powm() was susceptible to a\nside-channel attack caused by data-dependent timing variations when\naccessing its internal pre-computed table.\n\nCVE-2015-1606 \nThe keyring parsing code did not properly reject certain packet\ntypes not belonging in a keyring, which caused an access to memory\nalready freed. This could allow remote attackers to cause a denial\nof service (crash) via crafted keyring files.", "modified": "2017-07-07T00:00:00", "published": "2015-03-12T00:00:00", "id": "OPENVAS:703184", "href": "http://plugins.openvas.org/nasl.php?oid=703184", "type": "openvas", "title": "Debian Security Advisory DSA 3184-1 (gnupg - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3184.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3184-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703184);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-3591\", \"CVE-2015-0837\", \"CVE-2015-1606\");\n script_name(\"Debian Security Advisory DSA 3184-1 (gnupg - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-03-12 00:00:00 +0100 (Thu, 12 Mar 2015)\");\n script_tag(name: \"cvss_base\", value: \"10.0\");\n script_tag(name: \"cvss_base_vector\", value: \"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3184.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"gnupg on Debian Linux\");\n script_tag(name: \"insight\", value: \"GnuPG is GNU's tool for secure\ncommunication and data storage. It can be used to encrypt data and to create\ndigital signatures. It includes an advanced key management facility and is\ncompliant with the proposed OpenPGP Internet standard as described in RFC 4880.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 1.4.12-7+deb7u7.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.4.18-7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.18-7.\n\nWe recommend that you upgrade your gnupg packages.\");\n script_tag(name: \"summary\", value: \"Multiple vulnerabilities were discovered\nin GnuPG, the GNU Privacy Guard:\n\nCVE-2014-3591 \nThe Elgamal decryption routine was susceptible to a side-channel\nattack discovered by researchers of Tel Aviv University. Ciphertext\nblinding was enabled to counteract it. Note that this may have a\nquite noticeable impact on Elgamal decryption performance.\n\nCVE-2015-0837 \nThe modular exponentiation routine mpi_powm() was susceptible to a\nside-channel attack caused by data-dependent timing variations when\naccessing its internal pre-computed table.\n\nCVE-2015-1606 \nThe keyring parsing code did not properly reject certain packet\ntypes not belonging in a keyring, which caused an access to memory\nalready freed. This could allow remote attackers to cause a denial\nof service (crash) via crafted keyring files.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.12-7+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gnupg-curl\", ver:\"1.4.12-7+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gpgv\", ver:\"1.4.12-7+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gpgv-win32\", ver:\"1.4.12-7+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.6, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:LOW/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-07T09:02:12", "description": "According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-02-24T00:00:00", "title": "EulerOS 2.0 SP5 : gnupg2 (EulerOS-SA-2020-1104)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:gnupg2", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1104.NASL", "href": "https://www.tenable.com/plugins/nessus/133905", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133905);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-1606\",\n \"CVE-2015-1607\"\n );\n script_bugtraq_id(\n 72609,\n 72610\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : gnupg2 (EulerOS-SA-2020-1104)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1104\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb8283fa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnupg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gnupg2-2.0.22-5.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:23:14", "description": "The gpg2 package was updated to fix the following security and non\nsecurity issues :\n\n - CVE-2015-1606: Fixed invalid memory read using a garbled\n keyring (bsc#918089).\n\n - CVE-2015-1607: Fixed memcpy with overlapping ranges\n (bsc#918090).\n\n - bsc#955753: Fixed a regression of 'gpg --recv' due to\n keyserver import filter (also boo#952347).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2015-12-04T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2015:2171-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "modified": "2015-12-04T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:gpg2-debugsource", "p-cpe:/a:novell:suse_linux:gpg2-debuginfo", "p-cpe:/a:novell:suse_linux:gpg2"], "id": "SUSE_SU-2015-2171-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87197", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2171-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87197);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1606\", \"CVE-2015-1607\");\n script_bugtraq_id(72609, 72610);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2015:2171-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The gpg2 package was updated to fix the following security and non\nsecurity issues :\n\n - CVE-2015-1606: Fixed invalid memory read using a garbled\n keyring (bsc#918089).\n\n - CVE-2015-1607: Fixed memcpy with overlapping ranges\n (bsc#918090).\n\n - bsc#955753: Fixed a regression of 'gpg --recv' due to\n keyserver import filter (also boo#952347).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1606/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1607/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152171-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ca971964\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-922=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-922=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gpg2-2.0.24-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gpg2-debuginfo-2.0.24-3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gpg2-debugsource-2.0.24-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gpg2-2.0.24-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gpg2-debuginfo-2.0.24-3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"gpg2-debugsource-2.0.24-3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:21", "description": "According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-09-28T00:00:00", "title": "EulerOS 2.0 SP3 : gnupg2 (EulerOS-SA-2020-2089)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "modified": "2020-09-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:gnupg2", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2089.NASL", "href": "https://www.tenable.com/plugins/nessus/140856", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140856);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-1606\",\n \"CVE-2015-1607\"\n );\n script_bugtraq_id(\n 72609,\n 72610\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : gnupg2 (EulerOS-SA-2020-2089)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2089\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f18fb183\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnupg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gnupg2-2.0.22-5.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:23:13", "description": "This update for gpg2 fixes the following issues :\n\n - Fix cve-2015-1606 (bsc#918089)\n\n - Invalid memory read using a garbled keyring\n\n -\n 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-\n k.patch\n\n - Fix cve-2015-1607 (bsc#918090)\n\n - Memcpy with overlapping ranges\n\n -\n 0001-Use-inline-functions-to-convert-buffer-data-to-scal\n a.patch\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2015-12-04T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : gpg2 (SUSE-SU-2015:2170-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "modified": "2015-12-04T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:gpg2-lang", "p-cpe:/a:novell:suse_linux:gpg2"], "id": "SUSE_SU-2015-2170-1.NASL", "href": "https://www.tenable.com/plugins/nessus/87196", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2170-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87196);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1606\", \"CVE-2015-1607\");\n script_bugtraq_id(72609, 72610);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : gpg2 (SUSE-SU-2015:2170-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gpg2 fixes the following issues :\n\n - Fix cve-2015-1606 (bsc#918089)\n\n - Invalid memory read using a garbled keyring\n\n -\n 0001-Gpg-prevent-an-invalid-memory-read-using-a-garbled-\n k.patch\n\n - Fix cve-2015-1607 (bsc#918090)\n\n - Memcpy with overlapping ranges\n\n -\n 0001-Use-inline-functions-to-convert-buffer-data-to-scal\n a.patch\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1606/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1607/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152170-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f2c22a2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-gpg2-12240=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-gpg2-12240=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-gpg2-12240=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-gpg2-12240=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-gpg2-12240=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-gpg2-12240=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-gpg2-12240=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gpg2-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gpg2-lang-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"gpg2-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"gpg2-lang-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"gpg2-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"gpg2-lang-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"gpg2-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"gpg2-lang-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"gpg2-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"gpg2-lang-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"gpg2-2.0.9-25.33.41.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"gpg2-lang-2.0.9-25.33.41.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:23:14", "description": "The gpg2 package was updated to fix the following security and non\nsecurity issues :\n\n - CVE-2015-1606: Fixed invalid memory read using a garbled\n keyring (bsc#918089).\n\n - CVE-2015-1607: Fixed memcpy with overlapping ranges\n (bsc#918090).\n\n - bsc#955753: Fixed a regression of 'gpg --recv' due to\n keyserver import filter (also boo#952347).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2015-12-29T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2015:2171-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "modified": "2015-12-29T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:gpg2-debugsource", "p-cpe:/a:novell:suse_linux:gpg2-debuginfo", "p-cpe:/a:novell:suse_linux:gpg2"], "id": "SUSE_SU-2015-2171-2.NASL", "href": "https://www.tenable.com/plugins/nessus/87644", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2171-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87644);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1606\", \"CVE-2015-1607\");\n script_bugtraq_id(72609, 72610);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2015:2171-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The gpg2 package was updated to fix the following security and non\nsecurity issues :\n\n - CVE-2015-1606: Fixed invalid memory read using a garbled\n keyring (bsc#918089).\n\n - CVE-2015-1607: Fixed memcpy with overlapping ranges\n (bsc#918090).\n\n - bsc#955753: Fixed a regression of 'gpg --recv' due to\n keyserver import filter (also boo#952347).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=918090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=952347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1606/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1607/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152171-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7e634405\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-922=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-922=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gpg2-2.0.24-3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gpg2-debuginfo-2.0.24-3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gpg2-debugsource-2.0.24-3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gpg2-2.0.24-3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gpg2-debuginfo-2.0.24-3.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gpg2-debugsource-2.0.24-3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:53", "description": "According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-11-03T00:00:00", "title": "EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2020-2348)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:gnupg2", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2348.NASL", "href": "https://www.tenable.com/plugins/nessus/142256", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142256);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-1606\",\n \"CVE-2015-1607\"\n );\n script_bugtraq_id(\n 72609,\n 72610\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2020-2348)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2348\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?54ec5613\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnupg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gnupg2-2.0.22-5.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:57", "description": "The gpg2 package was updated to fix the following security and non\nsecurity issues :\n\n - CVE-2015-1606: Fixed invalid memory read using a garbled\n keyring (bsc#918089).\n\n - CVE-2015-1607: Fixed memcpy with overlapping ranges\n (bsc#918090).\n\n - bsc#955753: Fixed a regression of 'gpg --recv' due to\n keyserver import filter (also boo#952347).", "edition": 18, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2015-12-16T00:00:00", "title": "openSUSE Security Update : gpg2 (openSUSE-2015-886)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "modified": "2015-12-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gpg2", "p-cpe:/a:novell:opensuse:gpg2-lang", "p-cpe:/a:novell:opensuse:gpg2-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:gpg2-debugsource"], "id": "OPENSUSE-2015-886.NASL", "href": "https://www.tenable.com/plugins/nessus/87392", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-886.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87392);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1606\", \"CVE-2015-1607\");\n\n script_name(english:\"openSUSE Security Update : gpg2 (openSUSE-2015-886)\");\n script_summary(english:\"Check for the openSUSE-2015-886 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The gpg2 package was updated to fix the following security and non\nsecurity issues :\n\n - CVE-2015-1606: Fixed invalid memory read using a garbled\n keyring (bsc#918089).\n\n - CVE-2015-1607: Fixed memcpy with overlapping ranges\n (bsc#918090).\n\n - bsc#955753: Fixed a regression of 'gpg --recv' due to\n keyserver import filter (also boo#952347).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=918089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=918090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955753\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gpg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gpg2-2.0.24-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gpg2-debuginfo-2.0.24-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gpg2-debugsource-2.0.24-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gpg2-lang-2.0.24-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg2 / gpg2-debuginfo / gpg2-debugsource / gpg2-lang\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T12:28:56", "description": "GnuPG was updated to fix two memory handling issues with potential\nsecurity impact :\n\n - CVE-2015-1606: Invalid memory read using a garbled\n keyring (bsc#918089)\n\n - CVE-2015-1607: memcpy with overlapping ranges\n (bsc#918090)", "edition": 17, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2015-12-01T00:00:00", "title": "openSUSE Security Update : GnuPG (openSUSE-2015-840)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2015-1607"], "modified": "2015-12-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gpg2", "p-cpe:/a:novell:opensuse:gpg2-lang", "p-cpe:/a:novell:opensuse:gpg2-debuginfo", "p-cpe:/a:novell:opensuse:gpg2-debugsource", "cpe:/o:novell:opensuse:13.2", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-840.NASL", "href": "https://www.tenable.com/plugins/nessus/87117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-840.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(87117);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1606\", \"CVE-2015-1607\");\n\n script_name(english:\"openSUSE Security Update : GnuPG (openSUSE-2015-840)\");\n script_summary(english:\"Check for the openSUSE-2015-840 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GnuPG was updated to fix two memory handling issues with potential\nsecurity impact :\n\n - CVE-2015-1606: Invalid memory read using a garbled\n keyring (bsc#918089)\n\n - CVE-2015-1607: memcpy with overlapping ranges\n (bsc#918090)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=918089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=918090\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected GnuPG packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gpg2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gpg2-2.0.22-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gpg2-debuginfo-2.0.22-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gpg2-debugsource-2.0.22-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"gpg2-lang-2.0.22-12.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gpg2-2.0.26-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gpg2-debuginfo-2.0.26-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gpg2-debugsource-2.0.26-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gpg2-lang-2.0.26-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg2 / gpg2-debuginfo / gpg2-debugsource / gpg2-lang\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:03:59", "description": "According to the versions of the gnupg2 package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The do_uncompress function in g10/compress.c in GnuPG\n 1.x before 1.4.17 and 2.x before 2.0.24 allows\n context-dependent attackers to cause a denial of\n service (infinite loop) via malformed compressed\n packets, as demonstrated by an a3 01 5b ff byte\n sequence.(CVE-2014-4617)\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-04-16T00:00:00", "title": "EulerOS Virtualization 3.0.2.2 : gnupg2 (EulerOS-SA-2020-1489)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-1606", "CVE-2014-4617", "CVE-2015-1607"], "modified": "2020-04-16T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.2", "p-cpe:/a:huawei:euleros:gnupg2"], "id": "EULEROS_SA-2020-1489.NASL", "href": "https://www.tenable.com/plugins/nessus/135651", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135651);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-4617\",\n \"CVE-2015-1606\",\n \"CVE-2015-1607\"\n );\n script_bugtraq_id(\n 68156,\n 72609,\n 72610\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : gnupg2 (EulerOS-SA-2020-1489)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gnupg2 package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The do_uncompress function in g10/compress.c in GnuPG\n 1.x before 1.4.17 and 2.x before 2.0.24 allows\n context-dependent attackers to cause a denial of\n service (infinite loop) via malformed compressed\n packets, as demonstrated by an a3 01 5b ff byte\n sequence.(CVE-2014-4617)\n\n - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x\n before 2.0.27, and 2.1.x before 2.1.2 does not properly\n handle bitwise left-shifts, which allows remote\n attackers to cause a denial of service (invalid read\n operation) via a crafted keyring file, related to sign\n extensions and 'memcpy with overlapping\n ranges.'(CVE-2015-1607)\n\n - The keyring DB in GnuPG before 2.1.2 does not properly\n handle invalid packets, which allows remote attackers\n to cause a denial of service (invalid read and\n use-after-free) via a crafted keyring\n file.(CVE-2015-1606)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1489\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22e245b1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnupg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gnupg2-2.0.22-5.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T15:28:49", "description": "Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer\ndiscovered that GnuPG was susceptible to an attack via physical side\nchannels. A local attacker could use this attack to possibly recover\nprivate keys. (CVE-2014-3591)\n\nDaniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was\nsusceptible to an attack via physical side channels. A local attacker\ncould use this attack to possibly recover private keys.\n(CVE-2015-0837)\n\nHanno Bock discovered that GnuPG incorrectly handled certain\nmalformed keyrings. If a user or automated system were tricked into\nopening a malformed keyring, a remote attacker could use this issue to\ncause GnuPG to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-1606, CVE-2015-1607)\n\nIn addition, this update improves GnuPG security by validating that\nthe keys returned by keyservers match those requested.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 5.9, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2015-04-02T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : gnupg, gnupg2 vulnerabilities (USN-2554-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5270", "CVE-2015-1606", "CVE-2015-1607", "CVE-2015-0837", "CVE-2014-3591"], "modified": "2015-04-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gnupg", "cpe:/o:canonical:ubuntu_linux:14.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:gnupg2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2554-1.NASL", "href": "https://www.tenable.com/plugins/nessus/82526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2554-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82526);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3591\", \"CVE-2014-5270\", \"CVE-2015-0837\", \"CVE-2015-1606\", \"CVE-2015-1607\");\n script_bugtraq_id(69164, 72609, 72610, 73064, 73066);\n script_xref(name:\"USN\", value:\"2554-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : gnupg, gnupg2 vulnerabilities (USN-2554-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer\ndiscovered that GnuPG was susceptible to an attack via physical side\nchannels. A local attacker could use this attack to possibly recover\nprivate keys. (CVE-2014-3591)\n\nDaniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was\nsusceptible to an attack via physical side channels. A local attacker\ncould use this attack to possibly recover private keys.\n(CVE-2015-0837)\n\nHanno Bock discovered that GnuPG incorrectly handled certain\nmalformed keyrings. If a user or automated system were tricked into\nopening a malformed keyring, a remote attacker could use this issue to\ncause GnuPG to crash, resulting in a denial of service, or possibly\nexecute arbitrary code. (CVE-2015-1606, CVE-2015-1607)\n\nIn addition, this update improves GnuPG security by validating that\nthe keys returned by keyservers match those requested.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2554-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnupg and / or gnupg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"gnupg\", pkgver:\"1.4.10-2ubuntu1.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"gnupg\", pkgver:\"1.4.11-3ubuntu2.9\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"gnupg2\", pkgver:\"2.0.17-2ubuntu2.12.04.6\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"gnupg\", pkgver:\"1.4.16-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"gnupg2\", pkgver:\"2.0.22-3ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"gnupg\", pkgver:\"1.4.16-1.2ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"gnupg2\", pkgver:\"2.0.24-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg / gnupg2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:59", "bulletinFamily": "software", "cvelist": ["CVE-2015-1606", "CVE-2015-1607", "CVE-2015-0837", "CVE-2014-3591"], "description": "Use-after-free, backside channels information disclosure.", "edition": 1, "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "SECURITYVULNS:VULN:14304", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14304", "title": "GnuPG / libgcrypt multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "cvelist": ["CVE-2014-5270", "CVE-2015-1606", "CVE-2015-1607", "CVE-2015-0837", "CVE-2014-3591"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2554-1\r\nApril 01, 2015\r\n\r\ngnupg, gnupg2 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.10\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in GnuPG.\r\n\r\nSoftware Description:\r\n- gnupg: GNU privacy guard - a free PGP replacement\r\n- gnupg2: GNU privacy guard - a free PGP replacement\r\n\r\nDetails:\r\n\r\nDaniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered\r\nthat GnuPG was susceptible to an attack via physical side channels. A local\r\nattacker could use this attack to possibly recover private keys.\r\n&#40;CVE-2014-3591&#41;\r\n\r\nDaniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was\r\nsusceptible to an attack via physical side channels. A local attacker could\r\nuse this attack to possibly recover private keys. &#40;CVE-2015-0837&#41;\r\n\r\nHanno Bock discovered that GnuPG incorrectly handled certain malformed\r\nkeyrings. If a user or automated system were tricked into opening a\r\nmalformed keyring, a remote attacker could use this issue to cause GnuPG to\r\ncrash, resulting in a denial of service, or possibly execute arbitrary\r\ncode. &#40;CVE-2015-1606, CVE-2015-1607&#41;\r\n\r\nIn addition, this update improves GnuPG security by validating that the\r\nkeys returned by keyservers match those requested.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.10:\r\n gnupg 1.4.16-1.2ubuntu1.2\r\n gnupg2 2.0.24-1ubuntu2.2\r\n\r\nUbuntu 14.04 LTS:\r\n gnupg 1.4.16-1ubuntu2.3\r\n gnupg2 2.0.22-3ubuntu1.3\r\n\r\nUbuntu 12.04 LTS:\r\n gnupg 1.4.11-3ubuntu2.9\r\n gnupg2 2.0.17-2ubuntu2.12.04.6\r\n\r\nUbuntu 10.04 LTS:\r\n gnupg 1.4.10-2ubuntu1.8\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2554-1\r\n CVE-2014-3591, CVE-2014-5270, CVE-2015-0837, CVE-2015-1606,\r\n CVE-2015-1607\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1.2ubuntu1.2\r\n https://launchpad.net/ubuntu/+source/gnupg2/2.0.24-1ubuntu2.2\r\n https://launchpad.net/ubuntu/+source/gnupg/1.4.16-1ubuntu2.3\r\n https://launchpad.net/ubuntu/+source/gnupg2/2.0.22-3ubuntu1.3\r\n https://launchpad.net/ubuntu/+source/gnupg/1.4.11-3ubuntu2.9\r\n https://launchpad.net/ubuntu/+source/gnupg2/2.0.17-2ubuntu2.12.04.6\r\n https://launchpad.net/ubuntu/+source/gnupg/1.4.10-2ubuntu1.8\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "SECURITYVULNS:DOC:31892", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31892", "title": "[USN-2554-1] GnuPG vulnerabilities", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2015-1606", "CVE-2015-0837", "CVE-2014-3591"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA256\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3184-1 security@debian.org\r\nhttp://www.debian.org/security/ Alessandro Ghedini\r\nMarch 12, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : gnupg\r\nCVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606\r\n\r\nMultiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:\r\n\r\nCVE-2014-3591\r\n\r\n The Elgamal decryption routine was susceptible to a side-channel\r\n attack discovered by researchers of Tel Aviv University. Ciphertext\r\n blinding was enabled to counteract it. Note that this may have a\r\n quite noticeable impact on Elgamal decryption performance.\r\n\r\nCVE-2015-0837\r\n\r\n The modular exponentiation routine mpi_powm&#40;&#41; was susceptible to a\r\n side-channel attack caused by data-dependent timing variations when\r\n accessing its internal pre-computed table.\r\n\r\nCVE-2015-1606\r\n\r\n The keyring parsing code did not properly reject certain packet\r\n types not belonging in a keyring, which caused an access to memory\r\n already freed. This could allow remote attackers to cause a denial\r\n of service &#40;crash&#41; via crafted keyring files.\r\n\r\nFor the stable distribution &#40;wheezy&#41;, these problems have been fixed in\r\nversion 1.4.12-7+deb7u7.\r\n\r\nFor the upcoming stable distribution &#40;jessie&#41;, these problems have been\r\nfixed in version 1.4.18-7.\r\n\r\nFor the unstable distribution &#40;sid&#41;, these problems have been fixed in\r\nversion 1.4.18-7.\r\n\r\nWe recommend that you upgrade your gnupg packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQEcBAEBCAAGBQJVAdGHAAoJEFb2GnlAHawEJp4IAI50qDF5+QdQQ/1cvcP1tqda\r\nH9QOu6omsKtiXtyTKQnoRfDmZ6dKblWdJMfH9cK9bfoziixwTTkol374u0xuTucY\r\nMW6x08InvELESJKrgGvnnoj+g3xAvHDBOt0BXcL9tBYV81ZzaHBCS75VwwMwHD8n\r\nB3mErX24JpnTH0Y2C4xAi+SuQ74KasB9FGSz3aAbrkvpwTEOumtLc9NG4mROjRXg\r\nARRJRIQv+PZ8VW2/vImoMiuAgALRttREtoVbaRoKOg8if/r9g49Ix28QFxrfJV7x\r\nP2CaHXLfdcJq5oPuRltJK7vXmQUYwbgQAzv2Xmy0350HzfQcTTvBUFbld2Nd9dE=\r\n=TLCo\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-03-15T00:00:00", "published": "2015-03-15T00:00:00", "id": "SECURITYVULNS:DOC:31780", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31780", "title": "[SECURITY] [DSA 3184-1] gnupg security update", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:10", "bulletinFamily": "unix", "cvelist": ["CVE-2014-5270", "CVE-2015-1606", "CVE-2015-1607", "CVE-2015-0837", "CVE-2014-3591"], "description": "Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered \nthat GnuPG was susceptible to an attack via physical side channels. A local \nattacker could use this attack to possibly recover private keys. \n(CVE-2014-3591)\n\nDaniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was \nsusceptible to an attack via physical side channels. A local attacker could \nuse this attack to possibly recover private keys. (CVE-2015-0837)\n\nHanno B\u00f6ck discovered that GnuPG incorrectly handled certain malformed \nkeyrings. If a user or automated system were tricked into opening a \nmalformed keyring, a remote attacker could use this issue to cause GnuPG to \ncrash, resulting in a denial of service, or possibly execute arbitrary \ncode. (CVE-2015-1606, CVE-2015-1607)\n\nIn addition, this update improves GnuPG security by validating that the \nkeys returned by keyservers match those requested.", "edition": 69, "modified": "2015-04-01T00:00:00", "published": "2015-04-01T00:00:00", "id": "USN-2554-1", "href": "https://ubuntu.com/security/notices/USN-2554-1", "title": "GnuPG vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:36:10", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1606"], "description": "**Issue Overview:**\n\nIt was [reported](<https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html>) that gnupg2 keyring DB code did not reject packets which don't belong into a keyring, which may lead to invalid read of sizeof (int).\n\n \n**Affected Packages:** \n\n\ngnupg2\n\n \n**Issue Correction:** \nRun _yum update gnupg2_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n gnupg2-debuginfo-2.0.28-1.30.amzn1.i686 \n gnupg2-2.0.28-1.30.amzn1.i686 \n gnupg2-smime-2.0.28-1.30.amzn1.i686 \n \n src: \n gnupg2-2.0.28-1.30.amzn1.src \n \n x86_64: \n gnupg2-debuginfo-2.0.28-1.30.amzn1.x86_64 \n gnupg2-smime-2.0.28-1.30.amzn1.x86_64 \n gnupg2-2.0.28-1.30.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2015-07-28T11:35:00", "published": "2015-07-28T11:35:00", "id": "ALAS-2015-574", "href": "https://alas.aws.amazon.com/ALAS-2015-574.html", "title": "Low: gnupg2", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:01:27", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1606", "CVE-2015-0837", "CVE-2014-3591"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3184-1 security@debian.org\nhttp://www.debian.org/security/ Alessandro Ghedini\nMarch 12, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gnupg\nCVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606\n\nMultiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:\n\nCVE-2014-3591\n\n The Elgamal decryption routine was susceptible to a side-channel\n attack discovered by researchers of Tel Aviv University. Ciphertext\n blinding was enabled to counteract it. Note that this may have a\n quite noticeable impact on Elgamal decryption performance.\n\nCVE-2015-0837\n\n The modular exponentiation routine mpi_powm() was susceptible to a\n side-channel attack caused by data-dependent timing variations when\n accessing its internal pre-computed table.\n\nCVE-2015-1606\n\n The keyring parsing code did not properly reject certain packet\n types not belonging in a keyring, which caused an access to memory\n already freed. This could allow remote attackers to cause a denial\n of service (crash) via crafted keyring files.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.12-7+deb7u7.\n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.4.18-7.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.18-7.\n\nWe recommend that you upgrade your gnupg packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2015-03-12T17:56:17", "published": "2015-03-12T17:56:17", "id": "DEBIAN:DSA-3184-1:FCB5B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00069.html", "title": "[SECURITY] [DSA 3184-1] gnupg security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-11T13:17:14", "bulletinFamily": "unix", "cvelist": ["CVE-2015-1606", "CVE-2015-0837", "CVE-2014-3591"], "description": "Package : gnupg\nVersion : 1.4.10-4+squeeze7\nCVE ID : CVE-2014-3591 CVE-2015-0837 CVE-2015-1606\nDebian Bug : 778652\n\nMultiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard:\n\nCVE-2014-3591\n\n The Elgamal decryption routine was susceptible to a side-channel\n attack discovered by researchers of Tel Aviv University. Ciphertext\n blinding was enabled to counteract it. Note that this may have a quite\n noticeable impact on Elgamal decryption performance.\n\nCVE-2015-0837\n\n The modular exponentiation routine mpi_powm() was susceptible to a\n side-channel attack caused by data-dependent timing variations when\n accessing its internal pre-computed table.\n\nCVE-2015-1606\n\n The keyring parsing code did not properly reject certain packet types\n not belonging in a keyring, which caused an access to memory already\n freed. This could allow remote attackers to cause a denial of service\n (crash) via crafted keyring files.\n\nFor the oldstable distribution (squeeze), those problems have been fixed in\nversion 1.4.10-4+squeeze7.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.4.12-7+deb7u7.\n\nWe recommend that you upgrade your gnupg packages.\n\n-- \nRapha\u00ebl Hertzog \u25c8 Debian Developer\n\nSupport Debian LTS: http://www.freexian.com/services/debian-lts.html\nLearn to master Debian: http://debian-handbook.info/get/\n", "edition": 8, "modified": "2015-03-17T15:35:44", "published": "2015-03-17T15:35:44", "id": "DEBIAN:DLA-175-1:C3EFD", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201503/msg00012.html", "title": "[SECURITY] [DLA 175-1] gnupg security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}