ID: EULEROS_SA-2021-1430.NASL | Type: nessus | Reporter: This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof. | Modified: 2021-03-16T00:00:00
Description
According to the version of the file packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability:
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes (CVE-2014-9620).
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata registration. When the engine runs the script with `description`
# set, only this block executes: it records the plugin's identity, references
# and scoring, then exits before any host check is reached.
if (description)
{
# Plugin id; it matches the number at the end of the tenable.com plugin URL
# listed in this page's metadata.
script_id(147503);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/16");
# Cross-references used to correlate this finding with other feeds.
script_cve_id(
"CVE-2014-9620"
);
script_bugtraq_id(
71715
);
script_name(english:"EulerOS Virtualization 3.0.2.6 : file (EulerOS-SA-2021-1430)");
# The summary states the detection method: a comparison against rpm output,
# not a probe of the ELF parser itself.
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
# Advisory text, reproduced from the vendor. The "5.08 through 5.21" range is
# the upstream range quoted for the CVE; nothing in this block compares versions.
script_set_attribute(attribute:"description", value:
"According to the version of the file packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerability :
- The ELF parser in file 5.08 through 5.21 allows remote
attackers to cause a denial of service via a large
number of notes.(CVE-2014-9620)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# Vendor advisory (the see_also value below is a shortened nessus.org link,
# presumably redirecting to this URL - confirm before relying on it):
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1430
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f393bb0f");
script_set_attribute(attribute:"solution", value:
"Update the affected file package.");
# CVSS v2 base vector: reachable over the network, low access complexity, no
# authentication, partial availability impact and no confidentiality or
# integrity impact. The page's metadata lists the matching base score as 5.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
# CVSS v2 temporal vector: exploitability unproven (E:U), official fix
# available (RL:OF), report confirmed (RC:C).
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
# Stored as the string "false", not a boolean.
script_set_attribute(attribute:"exploit_available", value:"false");
# Vendor patch date versus plugin release date. The CVE id is from 2014 while
# the vendor patch is dated 2021, which matters when prioritising by age.
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/10");
# "local": the result depends on data collected from the host with credentials
# (see the required KB keys below), not on a network probe.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE names for the two affected packages and for the platform release.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:file");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:file-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# ACT_GATHER_INFO: registered in the information-gathering category.
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
# ssh_get_info.nasl is declared as a dependency; presumably it is the plugin
# that populates the Host/* knowledge-base keys listed next - confirm.
script_dependencies("ssh_get_info.nasl");
# Knowledge-base keys the plugin declares as required. The check body reads the
# same five keys again with get_kb_item() and audits out if one is unusable.
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
# End of the metadata pass; the code after this block is not run in it.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Applicability gates. Every input is read from the scanner knowledge base
# with get_kb_item(); this script collects nothing from the host itself. The
# keys are presumably filled in by ssh_get_info.nasl, the dependency declared
# in the description block - confirm against that plugin.
# NOTE(review): audit() is defined in audit.inc, which is not shown here; the
# guards below read as early exits, each ending the run with a specific reason.
# A host stopped by any of them was not evaluated, which is not the same as
# "not vulnerable" when reading scan results.

# Credentialed (local) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The recorded release string must exist and begin with "EulerOS".
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
# Exact string match on the virtualization (UVP) version: any value other
# than "3.0.2.6" takes the audit path, so other UVP releases are out of scope.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.6") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.6");
# Without a collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Architecture gates. `>!<` is NASL's "is not a substring of" operator.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# First guard: anything other than x86_64, i386-i686 or aarch64 ends with
# AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
# Second guard: anything that is not x86_64 or i386-i686 ends with
# AUDIT_ARCH_NOT. An aarch64 host therefore passes the first guard and is
# stopped here; only x86 hosts continue past this line.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
# Package comparison and reporting.
# flag counts the reference packages for which rpm_check() returned true.
flag = 0;
# Reference builds to compare against, presumably the fixed builds named in
# EulerOS-SA-2021-1430 - confirm against the advisory. They are vendor build
# strings (5.11-33.h2.eulerosv2r7), not the upstream 5.08-5.21 range quoted in
# the plugin description, so the verdict rests on the vendor's package
# numbering rather than on the upstream version number.
pkgs = ["file-5.11-33.h2.eulerosv2r7",
"file-libs-5.11-33.h2.eulerosv2r7"];
# rpm_check() comes from rpm.inc (not shown); given the plugin summary
# ("Checks the rpm output for the updated package") it presumably returns true
# when the installed package is older than the reference - confirm.
# NOTE(review): the release passed is "EulerOS-2.0" although the plugin targets
# UVP 3.0.2.6; presumably the UVP image carries EulerOS 2.0 packages - confirm.
# Detection is by RPM metadata only: a copy of file or its library installed
# outside RPM would not be seen by this comparison.
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
# At least one package matched: raise one finding on port 0 with severity
# SECURITY_WARNING (the page's metadata lists the plugin's severity as
# Medium) and attach the text returned by rpm_report_get() as the detail.
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
# Nothing matched. pkg_tests_get() decides between the two outcomes: a
# non-empty result is reported as "not affected" for the packages it names,
# an empty one as the "file" package not being installed.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "file");
}
{"id": "EULEROS_SA-2021-1430.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS Virtualization 3.0.2.6 : file (EulerOS-SA-2021-1430)", "description": "According to the version of the file packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2021-03-10T00:00:00", "modified": "2021-03-16T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/147503", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620", "http://www.nessus.org/u?f393bb0f"], "cvelist": ["CVE-2014-9620"], "immutableFields": [], "lastseen": "2021-08-19T12:05:38", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2015-497"]}, {"type": "centos", "idList": ["CESA-2016:0760"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A58A28BA2BEDC49368B2C44649B60BD8"]}, {"type": "cve", "idList": ["CVE-2014-9620"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9620"]}, {"type": "fedora", "idList": ["FEDORA:12ECA6048D46"]}, {"type": "gentoo", "idList": ["GLSA-201503-08"]}, {"type": "ibm", "idList": ["045B04E2252E3B851D69AA785CAC9B0BD8A6AF9E04C95FB3C9A6AE0C081B07DB", "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "4ADB4E5C9333BE81F0AE13CD11FC54A35D37B3E631931FE894238620EDC74EB0", "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-497.NASL", "CENTOS_RHSA-2016-0760.NASL", "DEBIAN_DSA-3121.NASL", "EULEROS_SA-2019-2449.NASL", "EULEROS_SA-2019-2578.NASL", "EULEROS_SA-2021-1187.NASL", "EULEROS_SA-2021-1471.NASL", "EULEROS_SA-2021-2116.NASL", "FEDORA_2015-2020.NASL", "GENTOO_GLSA-201503-08.NASL", "MANDRIVA_MDVSA-2015-010.NASL", "MANDRIVA_MDVSA-2015-080.NASL", "OPENSUSE-2017-1298.NASL", "ORACLELINUX_ELSA-2016-0760.NASL", "ORACLEVM_OVMSA-2016-0050.NASL", "REDHAT-RHSA-2016-0760.NASL", "SL_20160510_FILE_ON_SL6_X.NASL", "SUSE_SU-2017-3048-1.NASL", "SUSE_SU-2018-0053-1.NASL", "UBUNTU_USN-3686-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120171", "OPENVAS:1361412562310121362", "OPENVAS:1361412562310703121", "OPENVAS:1361412562310843561", "OPENVAS:1361412562310869021", "OPENVAS:1361412562310871616", "OPENVAS:1361412562311220192449", "OPENVAS:1361412562311220192578", "OPENVAS:703121"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0760"]}, {"type": "redhat", "idList": 
["RHSA-2016:0760"]}, {"type": "ubuntu", "idList": ["USN-3686-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9620"]}], "rev": 4}, "score": {"value": 5.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2015-497"]}, {"type": "centos", "idList": ["CESA-2016:0760"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A58A28BA2BEDC49368B2C44649B60BD8"]}, {"type": "cve", "idList": ["CVE-2014-9620"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-9620"]}, {"type": "gentoo", "idList": ["GLSA-201503-08"]}, {"type": "ibm", "idList": ["045B04E2252E3B851D69AA785CAC9B0BD8A6AF9E04C95FB3C9A6AE0C081B07DB"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-2449.NASL", "OPENSUSE-2017-1298.NASL", "REDHAT-RHSA-2016-0760.NASL", "SUSE_SU-2018-0053-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107358", "OPENVAS:1361412562311220192578"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0760"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9620"]}]}, "exploitation": null, "vulnersScore": 5.3}, "pluginID": "147503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147503);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2014-9620\"\n );\n script_bugtraq_id(\n 71715\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : file (EulerOS-SA-2021-1430)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the file packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - The ELF parser in 
file 5.08 through 5.21 allows remote\n attackers to cause a denial of service via a large\n number of notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1430\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f393bb0f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected file package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"file-5.11-33.h2.eulerosv2r7\",\n \"file-libs-5.11-33.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:file", "p-cpe:/a:huawei:euleros:file-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "solution": "Update the affected file package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Low", "score": "3.6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-04T00:00:00", 
"vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"ubuntucve": [{"lastseen": "2021-11-22T21:50:28", "description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a\ndenial of service via a large number of notes.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | readelf.c not used in php5\n", "cvss3": {}, "published": "2015-01-21T00:00:00", "type": "ubuntucve", "title": "CVE-2014-9620", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9620"], "modified": "2015-01-21T00:00:00", "id": "UB:CVE-2014-9620", "href": "https://ubuntu.com/security/CVE-2014-9620", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:05:58", "description": "According to the version of the file packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : file (EulerOS-SA-2021-1471)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9620"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:file", "p-cpe:/a:huawei:euleros:file-libs", "p-cpe:/a:huawei:euleros:python-magic", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-1471.NASL", "href": "https://www.tenable.com/plugins/nessus/147489", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147489);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2014-9620\"\n );\n script_bugtraq_id(\n 71715\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : file (EulerOS-SA-2021-1471)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the file packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - The ELF parser in file 5.08 through 5.21 allows remote\n attackers to cause a denial of service via a large\n number of notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1471\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?47adcc25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected file package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"file-5.11-33.h2.eulerosv2r7\",\n \"file-libs-5.11-33.h2.eulerosv2r7\",\n \"python-magic-5.11-33.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:17:36", "description": "According to the version of the file packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of 
notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2019-12-19T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : file (EulerOS-SA-2019-2578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9620"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:file", "p-cpe:/a:huawei:euleros:file-libs", "p-cpe:/a:huawei:euleros:python-magic", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2578.NASL", "href": "https://www.tenable.com/plugins/nessus/132295", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132295);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-9620\"\n );\n script_bugtraq_id(\n 71715\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : file (EulerOS-SA-2019-2578)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the file packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The ELF parser in file 5.08 through 5.21 allows remote\n attackers to cause a denial of service via a large\n number of notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2578\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9b688bc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected file package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"file-5.11-31.h1\",\n \"file-libs-5.11-31.h1\",\n \"python-magic-5.11-31.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T11:59:51", "description": "According to the version of the file packages installed, the 
EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : file (EulerOS-SA-2021-2116)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9620"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:file", "p-cpe:/a:huawei:euleros:file-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2116.NASL", "href": "https://www.tenable.com/plugins/nessus/151315", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151315);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2014-9620\"\n );\n script_bugtraq_id(\n 71715\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : file (EulerOS-SA-2021-2116)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the file packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote 
host is affected\nby the following vulnerability :\n\n - A flaw was found in the way the File Information\n (fileinfo) extension parsed Executable and Linkable\n Format (ELF) files. A remote attacker could use this\n flaw to crash a PHP application using fileinfo via a\n specially crafted ELF file.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2116\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7336241f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected file package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"file-5.11-33.h2\",\n \"file-libs-5.11-33.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:08:04", "description": "According to the version of the file packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding description block directly from 
the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2021-02-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : file (EulerOS-SA-2021-1187)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9620"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:file", "p-cpe:/a:huawei:euleros:file-libs", "p-cpe:/a:huawei:euleros:python-magic", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1187.NASL", "href": "https://www.tenable.com/plugins/nessus/146110", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146110);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2014-9620\"\n );\n script_bugtraq_id(\n 71715\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : file (EulerOS-SA-2021-1187)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the file packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The ELF parser in file 5.08 through 5.21 allows remote\n attackers to cause a denial of service via a large\n number of notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1187\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?24f56629\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected file package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"file-5.11-33.h2.eulerosv2r7\",\n \"file-libs-5.11-33.h2.eulerosv2r7\",\n \"python-magic-5.11-33.h2.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-22T01:11:14", "description": "According to the versions of 
the file packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218)\n\n - The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : file (EulerOS-SA-2019-2449)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9620", "CVE-2019-18218"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:file", "p-cpe:/a:huawei:euleros:file-libs", "p-cpe:/a:huawei:euleros:python-magic", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2449.NASL", "href": "https://www.tenable.com/plugins/nessus/131603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131603);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-9620\",\n \"CVE-2019-18218\"\n );\n script_bugtraq_id(\n 71715\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : file (EulerOS-SA-2019-2449)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the file packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - cdf_read_property_info in cdf.c in file through 5.37\n does not restrict the number of CDF_VECTOR elements,\n which allows a heap-based buffer overflow (4-byte\n out-of-bounds write).(CVE-2019-18218)\n\n - The ELF parser in file 5.08 through 5.21 allows remote\n attackers to cause a denial of service via a large\n number of notes.(CVE-2014-9620)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2449\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?03efe5c9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected file packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:file-libs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"file-5.11-31.h2\",\n \"file-libs-5.11-31.h2\",\n \"python-magic-5.11-31.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) 
flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:02", "description": "Multiple security issues have been found in file, a tool/library to determine a file type. Processing a malformed file could result in denial of service. Most of the changes are related to parsing ELF files.\n\nAs part of the fixes, several limits on aspects of the detection were added or tightened, sometimes resulting in messages like 'recursion limit exceeded' or 'too many program header sections'.\n\nTo mitigate such shortcomings, these limits are controllable by a new -P, --parameter option in the file program.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-09T00:00:00", "type": "nessus", "title": "Debian DSA-3121-1 : file - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:file", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3121.NASL", "href": "https://www.tenable.com/plugins/nessus/80420", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3121. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80420);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\");\n script_bugtraq_id(71692, 71700);\n script_xref(name:\"DSA\", value:\"3121\");\n\n script_name(english:\"Debian DSA-3121-1 : file - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security issues have been found in file, a tool/library to\ndetermine a file type. Processing a malformed file could result in\ndenial of service. Most of the changes are related to parsing ELF\nfiles.\n\nAs part of the fixes, several limits on aspects of the detection were\nadded or tightened, sometimes resulting in messages like 'recursion\nlimit exceeded' or 'too many program header sections'.\n\nTo mitigate such shortcomings, these limits are controllable by a new\n- -P, --parameter option in the file program.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/file\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3121\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the file packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 5.11-2+deb7u7.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"file\", reference:\"5.11-2+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagic-dev\", reference:\"5.11-2+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libmagic1\", reference:\"5.11-2+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-magic\", reference:\"5.11-2+deb7u7\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-magic-dbg\", reference:\"5.11-2+deb7u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:46:44", "description": "The remote host is affected by the vulnerability described in GLSA-201503-08 (file: Denial of Service)\n\n Multiple issues with the ELF parser used by the file utility have been detected and fixed.\n Impact :\n\n A context-dependent attacker can cause Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-24T00:00:00", "type": "nessus", "title": "GLSA-201503-08 : file: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2270", "CVE-2014-9620", "CVE-2014-9621"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:file", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201503-08.NASL", "href": "https://www.tenable.com/plugins/nessus/82007", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201503-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82007);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-2270\", \"CVE-2014-9620\", \"CVE-2014-9621\");\n script_bugtraq_id(66002, 71714, 71715);\n script_xref(name:\"GLSA\", value:\"201503-08\");\n\n script_name(english:\"GLSA-201503-08 : file: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201503-08\n(file: Denial of Service)\n\n Multiple issues with the ELF parser used by the file utility have been\n detected and fixed.\n \nImpact :\n\n A context-dependent attacker can cause Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201503-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All file users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-apps/file-5.22'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-apps/file\", unaffected:make_list(\"ge 5.22\"), vulnerable:make_list(\"lt 5.22\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:47:11", "description": "Updated file packages fix security vulnerabilities :\n\nThomas Jarosch of Intra2net AG reported that using the file command on a specially crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption (CVE-2014-8116).\n\nThomas Jarosch of Intra2net AG reported that using the file command on a specially crafted ELF binary could lead to a denial of service due to uncontrolled recursion (CVE-2014-8117).\n\nThe ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of 
service via a large number of notes (CVE-2014-9620).\n\nThe ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string (CVE-2014-9621).\n\nThe updated file packages have been upgraded to the latest 5.22 version, which is not vulnerable to these issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-09T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : file (MDVSA-2015:010)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:file", "p-cpe:/a:mandriva:linux:lib64magic-devel", "p-cpe:/a:mandriva:linux:lib64magic-static-devel", "p-cpe:/a:mandriva:linux:lib64magic1", "p-cpe:/a:mandriva:linux:python-magic", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2015-010.NASL", "href": "https://www.tenable.com/plugins/nessus/80429", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:010. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80429);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9621\");\n script_bugtraq_id(71692, 71700);\n script_xref(name:\"MDVSA\", value:\"2015:010\");\n\n script_name(english:\"Mandriva Linux Security Advisory : file (MDVSA-2015:010)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated file packages fix security vulnerabilities :\n\nThomas Jarosch of Intra2net AG reported that using the file command on\na specially crafted ELF binary could lead to a denial of service due\nto uncontrolled resource consumption (CVE-2014-8116).\n\nThomas Jarosch of Intra2net AG reported that using the file command on\na specially crafted ELF binary could lead to a denial of service due\nto uncontrolled recursion (CVE-2014-8117).\n\nThe ELF parser in file 5.08 through 5.21 allows remote attackers to\ncause a denial of service via a large number of notes (CVE-2014-9620).\n\nThe ELF parser in file 5.16 through 5.21 allows remote attackers to\ncause a denial of service via a long string (CVE-2014-9621).\n\nThe updated file packages has been upgraded to the latest 5.22 version\nwhich is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0537.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magic-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magic-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64magic1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", 
cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"file-5.22-1.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64magic-devel-5.22-1.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64magic-static-devel-5.22-1.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64magic1-5.22-1.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"python-magic-5.22-1.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:32", "description": "The GNU file utility was updated to version 5.22. Security issues fixed :\n\n - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650)\n\n - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651)\n\n - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152)\n\n - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253)\n\n - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. 
(bsc#910253) Version update to file version 5.22\n\n - add indirect relative for TIFF/Exif\n\n - restructure elf note printing to avoid repeated messages\n\n - add note limit, suggested by Alexander Cherepanov\n\n - Bail out on partial pread()'s (Alexander Cherepanov)\n\n - Fix incorrect bounds check in file_printable (Alexander Cherepanov)\n\n - PR/405: ignore SIGPIPE from uncompress programs\n\n - change printable -> file_printable and use it in more places for safety\n\n - in ELF, instead of '(uses dynamic libraries)' when PT_INTERP is present print the interpreter name. Version update to file version 5.21\n\n - there was an incorrect free in magic_load_buffers()\n\n - there was an out of bounds read for some pascal strings\n\n - there was a memory leak in magic lists\n\n - don't interpret strings printed from files using the current locale, convert them to ascii format first.\n\n - there was an out of bounds read in elf note reads Update to file version 5.20\n\n - recognize encrypted CDF documents\n\n - add magic_load_buffers from Brooks Davis\n\n - add thumbs.db support\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2017-11-27T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2017:3048-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:file", "p-cpe:/a:novell:suse_linux:file-debuginfo", "p-cpe:/a:novell:suse_linux:file-debugsource", "p-cpe:/a:novell:suse_linux:file-magic", "p-cpe:/a:novell:suse_linux:libmagic1", "p-cpe:/a:novell:suse_linux:libmagic1-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-3048-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3048-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104777);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9621\", \"CVE-2014-9653\");\n script_bugtraq_id(71692, 71700, 71714, 71715, 72516);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : file (SUSE-SU-2017:3048-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GNU file utility was updated to version 5.22. 
Security issues\nfixed :\n\n - CVE-2014-9621: The ELF parser in file allowed remote\n attackers to cause a denial of service via a long\n string. (bsc#913650)\n\n - CVE-2014-9620: The ELF parser in file allowed remote\n attackers to cause a denial of service via a large\n number of notes. (bsc#913651)\n\n - CVE-2014-9653: readelf.c in file did not consider that\n pread calls sometimes read only a subset of the\n available data, which allows remote attackers to cause a\n denial of service (uninitialized memory access) or\n possibly have unspecified other impact via a crafted ELF\n file. (bsc#917152)\n\n - CVE-2014-8116: The ELF parser (readelf.c) in file\n allowed remote attackers to cause a denial of service\n (CPU consumption or crash) via a large number of (1)\n program or (2) section headers or (3) invalid\n capabilities. (bsc#910253)\n\n - CVE-2014-8117: softmagic.c in file did not properly\n limit recursion, which allowed remote attackers to cause\n a denial of service (CPU consumption or crash) via\n unspecified vectors. (bsc#910253) Version update to file\n version 5.22\n\n - add indirect relative for TIFF/Exif\n\n - restructure elf note printing to avoid repeated messages\n\n - add note limit, suggested by Alexander Cherepanov\n\n - Bail out on partial pread()'s (Alexander Cherepanov)\n\n - Fix incorrect bounds check in file_printable (Alexander\n Cherepanov)\n\n - PR/405: ignore SIGPIPE from uncompress programs\n\n - change printable -> file_printable and use it in more\n places for safety\n\n - in ELF, instead of '(uses dynamic libraries)' when\n PT_INTERP is present print the interpreter name. 
Version\n update to file version 5.21\n\n - there was an incorrect free in magic_load_buffers()\n\n - there was an out of bounds read for some pascal strings\n\n - there was a memory leak in magic lists\n\n - don't interpret strings printed from files using the\n current locale, convert them to ascii format first.\n\n - there was an out of bounds read in elf note reads Update\n to file version 5.20\n\n - recognize encrypted CDF documents\n\n - add magic_load_buffers from Brooks Davis\n\n - add thumbs.db support\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=910253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=913651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=996511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2014-8117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9620/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9621/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9653/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173048-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac727fb8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2017-1881=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-1881=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1881=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1881=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1881=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1881=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1881=1\n\nSUSE Container as a Service Platform ALL:zypper in -t patch\nSUSE-CAASP-ALL-2017-1881=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1881=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:file-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:file-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:file-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmagic1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmagic1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"file-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"file-debuginfo-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"file-debugsource-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"file-magic-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmagic1-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmagic1-debuginfo-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmagic1-32bit-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libmagic1-debuginfo-32bit-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"file-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"file-debuginfo-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"file-debugsource-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"file-magic-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmagic1-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmagic1-debuginfo-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmagic1-32bit-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libmagic1-debuginfo-32bit-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"file-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"file-debuginfo-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"file-debugsource-5.22-10.3.1\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"file-magic-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmagic1-32bit-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmagic1-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmagic1-debuginfo-32bit-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libmagic1-debuginfo-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"file-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"file-debuginfo-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"file-debugsource-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"file-magic-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmagic1-32bit-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmagic1-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmagic1-debuginfo-32bit-5.22-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libmagic1-debuginfo-5.22-10.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:34:22", "description": "The GNU file utility was updated to version 5.22.\n\nSecurity issues fixed :\n\n - CVE-2014-9621: The ELF parser in file allowed remote 
attackers to cause a denial of service via a long string. (bsc#913650)\n\n - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651)\n\n - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. (bsc#917152)\n\n - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253)\n\n - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253)\n\nVersion update to file version 5.22\n\n - add indirect relative for TIFF/Exif\n\n - restructure elf note printing to avoid repeated messages\n\n - add note limit, suggested by Alexander Cherepanov\n\n - Bail out on partial pread()'s (Alexander Cherepanov)\n\n - Fix incorrect bounds check in file_printable (Alexander Cherepanov)\n\n - PR/405: ignore SIGPIPE from uncompress programs\n\n - change printable -> file_printable and use it in more places for safety\n\n - in ELF, instead of '(uses dynamic libraries)' when PT_INTERP is present print the interpreter name.\n\nVersion update to file version 5.21\n\n - there was an incorrect free in magic_load_buffers()\n\n - there was an out of bounds read for some pascal strings\n\n - there was a memory leak in magic lists\n\n - don't interpret strings printed from files using the current locale, convert them to ascii format first.\n\n - there was an out of bounds read in elf note reads\n\nUpdate to file version 5.20\n\n - recognize encrypted CDF documents\n\n - add magic_load_buffers from Brooks 
Davis\n\n - add thumbs.db support\n\nAdditional non-security bug fixes :\n\n - Fixed a memory corruption during rpmbuild (bsc#1063269)\n\n - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511)\n\n - file command throws 'Composite Document File V2 Document, corrupt: Can't read SSAT' error against excel 97/2003 file format. (bsc#1009966)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {"score": null, "vector": null}, "published": "2017-11-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : file (openSUSE-2017-1298)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:file", "p-cpe:/a:novell:opensuse:file-debuginfo", "p-cpe:/a:novell:opensuse:file-debugsource", "p-cpe:/a:novell:opensuse:file-devel", "p-cpe:/a:novell:opensuse:file-magic", "p-cpe:/a:novell:opensuse:libmagic1", "p-cpe:/a:novell:opensuse:libmagic1-32bit", "p-cpe:/a:novell:opensuse:libmagic1-debuginfo", "p-cpe:/a:novell:opensuse:libmagic1-debuginfo-32bit", "p-cpe:/a:novell:opensuse:python-magic", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1298.NASL", "href": "https://www.tenable.com/plugins/nessus/104764", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1298.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104764);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9621\", \"CVE-2014-9653\");\n\n 
script_name(english:\"openSUSE Security Update : file (openSUSE-2017-1298)\");\n script_summary(english:\"Check for the openSUSE-2017-1298 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GNU file utility was updated to version 5.22.\n\nSecurity issues fixed :\n\n - CVE-2014-9621: The ELF parser in file allowed remote\n attackers to cause a denial of service via a long\n string. (bsc#913650)\n\n - CVE-2014-9620: The ELF parser in file allowed remote\n attackers to cause a denial of service via a large\n number of notes. (bsc#913651)\n\n - CVE-2014-9653: readelf.c in file did not consider that\n pread calls sometimes read only a subset of the\n available data, which allows remote attackers to cause a\n denial of service (uninitialized memory access) or\n possibly have unspecified other impact via a crafted ELF\n file. (bsc#917152)\n\n - CVE-2014-8116: The ELF parser (readelf.c) in file\n allowed remote attackers to cause a denial of service\n (CPU consumption or crash) via a large number of (1)\n program or (2) section headers or (3) invalid\n capabilities. (bsc#910253)\n\n - CVE-2014-8117: softmagic.c in file did not properly\n limit recursion, which allowed remote attackers to cause\n a denial of service (CPU consumption or crash) via\n unspecified vectors. 
(bsc#910253)\n\nVersion update to file version 5.22\n\n - add indirect relative for TIFF/Exif\n\n - restructure elf note printing to avoid repeated messages\n\n - add note limit, suggested by Alexander Cherepanov\n\n - Bail out on partial pread()'s (Alexander Cherepanov)\n\n - Fix incorrect bounds check in file_printable (Alexander\n Cherepanov)\n\n - PR/405: ignore SIGPIPE from uncompress programs\n\n - change printable -> file_printable and use it in more\n places for safety\n\n - in ELF, instead of '(uses dynamic libraries)' when\n PT_INTERP is present print the interpreter name.\n\nVersion update to file version 5.21\n\n - there was an incorrect free in magic_load_buffers()\n\n - there was an out of bounds read for some pascal strings\n\n - there was a memory leak in magic lists\n\n - don't interpret strings printed from files using the\n current locale, convert them to ascii format first.\n\n - there was an out of bounds read in elf note reads\n\nUpdate to file version 5.20\n\n - recognize encrypted CDF documents\n\n - add magic_load_buffers from Brooks Davis\n\n - add thumbs.db support\n\nAdditional non-security bug fixes :\n\n - Fixed a memory corruption during rpmbuild (bsc#1063269)\n\n - Backport of a fix for an increased printable string\n length as found in file 5.30 (bsc#996511)\n\n - file command throws 'Composite Document File V2\n Document, corrupt: Can't read SSAT' error against excel\n 97/2003 file format. 
(bsc#1009966)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1009966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=910253\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=913651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=996511\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected file packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:file-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmagic1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmagic1-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libmagic1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmagic1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"file-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"file-debuginfo-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"file-debugsource-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", 
reference:\"file-devel-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"file-magic-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmagic1-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libmagic1-debuginfo-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"python-magic-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmagic1-32bit-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libmagic1-debuginfo-32bit-5.22-7.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"file-5.22-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"file-debuginfo-5.22-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"file-debugsource-5.22-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"file-devel-5.22-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"file-magic-5.22-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmagic1-5.22-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libmagic1-debuginfo-5.22-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python-magic-5.22-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmagic1-32bit-5.22-10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libmagic1-debuginfo-32bit-5.22-10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / file-debuginfo / file-debugsource / file-devel / file-magic / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:32:04", "description": 
"Alexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620)\n\nAlexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9621)\n\nAlexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9653)\n\nIt was discovered that file incorrectly handled certain magic files.\nAn attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8865)\n\nIt was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service.\n(CVE-2018-10360).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-06-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : file vulnerabilities (USN-3686-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653", "CVE-2015-8865", "CVE-2018-10360"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:file", "p-cpe:/a:canonical:ubuntu_linux:libmagic1", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3686-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110552", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3686-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110552);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2014-9620\", \"CVE-2014-9621\", \"CVE-2014-9653\", \"CVE-2015-8865\", \"CVE-2018-10360\");\n script_xref(name:\"USN\", value:\"3686-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : file vulnerabilities (USN-3686-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Alexander Cherepanov discovered that file incorrectly handled a large\nnumber of notes. An attacker could use this issue to cause a denial of\nservice. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620)\n\nAlexander Cherepanov discovered that file incorrectly handled certain\nlong strings. An attacker could use this issue to cause a denial of\nservice. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9621)\n\nAlexander Cherepanov discovered that file incorrectly handled certain\nmalformed ELF files. An attacker could use this issue to cause a\ndenial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 14.04 LTS. (CVE-2014-9653)\n\nIt was discovered that file incorrectly handled certain magic files.\nAn attacker could use this issue with a specially crafted magic file\nto cause a denial of service, or possibly execute arbitrary code. This\nissue only affected Ubuntu 14.04 LTS. (CVE-2015-8865)\n\nIt was discovered that file incorrectly handled certain malformed ELF\nfiles. 
An attacker could use this issue to cause a denial of service.\n(CVE-2018-10360).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3686-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected file and / or libmagic1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmagic1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"file\", pkgver:\"1:5.14-2ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libmagic1\", pkgver:\"1:5.14-2ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"file\", pkgver:\"1:5.25-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libmagic1\", pkgver:\"1:5.25-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"file\", pkgver:\"1:5.32-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libmagic1\", pkgver:\"1:5.32-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"file\", pkgver:\"1:5.32-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libmagic1\", pkgver:\"1:5.32-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / libmagic1\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-16T01:41:13", "description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. (CVE-2014-9620)\n\nThe ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (CVE-2014-8116)\n\nIt was reported that a malformed elf file can cause file utility to access invalid memory. (CVE-2014-9653)\n\nThe ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. (CVE-2014-9621)\n\nsoftmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (CVE-2014-8117)", "cvss3": {"score": null, "vector": null}, "published": "2015-03-25T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : file (ALAS-2015-497)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:file", "p-cpe:/a:amazon:linux:file-debuginfo", "p-cpe:/a:amazon:linux:file-devel", "p-cpe:/a:amazon:linux:file-libs", "p-cpe:/a:amazon:linux:file-static", "p-cpe:/a:amazon:linux:python26-magic", "p-cpe:/a:amazon:linux:python27-magic", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-497.NASL", "href": "https://www.tenable.com/plugins/nessus/82046", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-497.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82046);\n
script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9621\", \"CVE-2014-9653\");\n script_xref(name:\"ALAS\", value:\"2015-497\");\n\n script_name(english:\"Amazon Linux AMI : file (ALAS-2015-497)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The ELF parser in file 5.08 through 5.21 allows remote attackers to\ncause a denial of service via a large number of notes. (CVE-2014-9620)\n\nThe ELF parser (readelf.c) in file before 5.21 allows remote attackers\nto cause a denial of service (CPU consumption or crash) via a large\nnumber of (1) program or (2) section headers or (3) invalid\ncapabilities. (CVE-2014-8116)\n\nIt was reported that a malformed elf file can cause file urility to\naccess invalid memory. (CVE-2014-9653)\n\nThe ELF parser in file 5.16 through 5.21 allows remote attackers to\ncause a denial of service via a long string. (CVE-2014-9621)\n\nsoftmagic.c in file before 5.21 does not properly limit recursion,\nwhich allows remote attackers to cause a denial of service (CPU\nconsumption or crash) via unspecified vectors. 
(CVE-2014-8117)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-497.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update file' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:file-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python26-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python27-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = 
pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"file-5.22-2.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"file-debuginfo-5.22-2.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"file-devel-5.22-2.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"file-libs-5.22-2.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"file-static-5.22-2.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python26-magic-5.22-2.29.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python27-magic-5.22-2.29.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / file-debuginfo / file-devel / file-libs / file-static / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:55", "description": "Update to File-5.22. Fixes various CVE bugs.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-18T00:00:00", "type": "nessus", "title": "Fedora 21 : file-5.22-2.fc21 (2015-2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:file", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-2020.NASL", "href": "https://www.tenable.com/plugins/nessus/81394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2020.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81394);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9621\", \"CVE-2014-9653\");\n script_xref(name:\"FEDORA\", value:\"2015-2020\");\n\n script_name(english:\"Fedora 21 : file-5.22-2.fc21 (2015-2020)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to File-5.22. Fixes various CVE bugs.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1171580\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1174606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1180642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1190116\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150121.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c5b0ed5b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected file package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:file\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"file-5.22-2.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:51", "description": "An update for file is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the file regular expression rules for detecting various files. 
A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538)\n\n* A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file.\n(CVE-2014-3587)\n\n* Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)\n\nRed Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security).\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.", "cvss3": {"score": null, "vector": null}, "published": "2016-05-17T00:00:00", "type": "nessus", "title": "CentOS 6 : file (CESA-2016:0760)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:file", "p-cpe:/a:centos:centos:file-devel", "p-cpe:/a:centos:centos:file-libs", "p-cpe:/a:centos:centos:file-static", "p-cpe:/a:centos:centos:python-magic", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-0760.NASL", "href": "https://www.tenable.com/plugins/nessus/91167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0760 and \n# CentOS 
Errata and Security Advisory 2016:0760 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91167);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-3538\", \"CVE-2014-3587\", \"CVE-2014-3710\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9653\");\n script_xref(name:\"RHSA\", value:\"2016:0760\");\n\n script_name(english:\"CentOS 6 : file (CESA-2016:0760)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for file is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe file command is used to identify a particular file according to\nthe type of data the file contains. It can identify many different\nfile types, including Executable and Linkable Format (ELF) binary\nfiles, system libraries, RPM packages, and different graphics formats.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the file regular expression rules for\ndetecting various files. A remote attacker could use these flaws to\ncause file to consume an excessive amount of CPU. (CVE-2014-3538)\n\n* A denial of service flaw was found in the way file parsed certain\nComposite Document Format (CDF) files. A remote attacker could use\nthis flaw to crash file via a specially crafted CDF file.\n(CVE-2014-3587)\n\n* Multiple flaws were found in the way file parsed Executable and\nLinkable Format (ELF) files. 
A remote attacker could use these flaws\nto cause file to crash, disclose portions of its memory, or consume an\nexcessive amount of system resources. (CVE-2014-3710, CVE-2014-8116,\nCVE-2014-8117, CVE-2014-9620, CVE-2014-9653)\n\nRed Hat would like to thank Thomas Jarosch (Intra2net AG) for\nreporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was\ndiscovered by Jan Kaluza (Red Hat Web Stack Team) and the\nCVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat\nProduct Security).\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8\nTechnical Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-May/002805.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?990dcc10\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected file packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9653\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:file-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:file-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"file-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"file-devel-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"file-libs-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"file-static-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-magic-5.04-30.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / file-devel / file-libs / file-static / python-magic\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:37", "description": "From Red Hat Security Advisory 2016:0760 :\n\nAn update for file is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as 
having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538)\n\n* A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file.\n(CVE-2014-3587)\n\n* Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)\n\nRed Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. 
The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security).\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.", "cvss3": {"score": null, "vector": null}, "published": "2016-05-16T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : file (ELSA-2016-0760)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:file", "p-cpe:/a:oracle:linux:file-devel", "p-cpe:/a:oracle:linux:file-libs", "p-cpe:/a:oracle:linux:file-static", "p-cpe:/a:oracle:linux:python-magic", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2016-0760.NASL", "href": "https://www.tenable.com/plugins/nessus/91149", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:0760 and \n# Oracle Linux Security Advisory ELSA-2016-0760 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91149);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3538\", \"CVE-2014-3587\", \"CVE-2014-3710\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9653\");\n script_xref(name:\"RHSA\", value:\"2016:0760\");\n\n script_name(english:\"Oracle Linux 6 : file (ELSA-2016-0760)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security 
updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:0760 :\n\nAn update for file is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe file command is used to identify a particular file according to\nthe type of data the file contains. It can identify many different\nfile types, including Executable and Linkable Format (ELF) binary\nfiles, system libraries, RPM packages, and different graphics formats.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the file regular expression rules for\ndetecting various files. A remote attacker could use these flaws to\ncause file to consume an excessive amount of CPU. (CVE-2014-3538)\n\n* A denial of service flaw was found in the way file parsed certain\nComposite Document Format (CDF) files. A remote attacker could use\nthis flaw to crash file via a specially crafted CDF file.\n(CVE-2014-3587)\n\n* Multiple flaws were found in the way file parsed Executable and\nLinkable Format (ELF) files. A remote attacker could use these flaws\nto cause file to crash, disclose portions of its memory, or consume an\nexcessive amount of system resources. (CVE-2014-3710, CVE-2014-8116,\nCVE-2014-8117, CVE-2014-9620, CVE-2014-9653)\n\nRed Hat would like to thank Thomas Jarosch (Intra2net AG) for\nreporting CVE-2014-8116 and CVE-2014-8117. 
The CVE-2014-3538 issue was\ndiscovered by Jan Kaluza (Red Hat Web Stack Team) and the\nCVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat\nProduct Security).\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8\nTechnical Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-May/006057.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected file packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:file-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:file-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"file-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"file-devel-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"file-libs-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"file-static-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-magic-5.04-30.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / file-devel / file-libs / file-static / python-magic\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:39", "description": "Security Fix(es) :\n\n - Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538)\n\n - A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587)\n\n - Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)", "cvss3": {"score": null, "vector": null}, "published": "2016-06-09T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : file on SL6.x i386/x86_64 (20160510)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:file", "p-cpe:/a:fermilab:scientific_linux:file-debuginfo", "p-cpe:/a:fermilab:scientific_linux:file-devel", "p-cpe:/a:fermilab:scientific_linux:file-libs", "p-cpe:/a:fermilab:scientific_linux:file-static", "p-cpe:/a:fermilab:scientific_linux:python-magic", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20160510_FILE_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/91537", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific 
Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91537);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3538\", \"CVE-2014-3587\", \"CVE-2014-3710\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9653\");\n\n script_name(english:\"Scientific Linux Security Update : file on SL6.x i386/x86_64 (20160510)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were found in the file regular expression\n rules for detecting various files. A remote attacker\n could use these flaws to cause file to consume an\n excessive amount of CPU. (CVE-2014-3538)\n\n - A denial of service flaw was found in the way file\n parsed certain Composite Document Format (CDF) files. A\n remote attacker could use this flaw to crash file via a\n specially crafted CDF file. (CVE-2014-3587)\n\n - Multiple flaws were found in the way file parsed\n Executable and Linkable Format (ELF) files. A remote\n attacker could use these flaws to cause file to crash,\n disclose portions of its memory, or consume an excessive\n amount of system resources. 
(CVE-2014-3710,\n CVE-2014-8116, CVE-2014-8117, CVE-2014-9620,\n CVE-2014-9653)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=850\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd127452\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:file-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:file-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:file-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"file-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"file-debuginfo-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"file-devel-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"file-libs-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"file-static-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-magic-5.04-30.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / file-debuginfo / file-devel / file-libs / file-static / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:42:12", "description": "An update for file is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538)\n\n* A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file.\n(CVE-2014-3587)\n\n* Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)\n\nRed Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. 
The CVE-2014-3538 issue was discovered by Jan Kaluza (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security).\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.", "cvss3": {"score": null, "vector": null}, "published": "2016-05-12T00:00:00", "type": "nessus", "title": "RHEL 6 : file (RHSA-2016:0760)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:file", "p-cpe:/a:redhat:enterprise_linux:file-debuginfo", "p-cpe:/a:redhat:enterprise_linux:file-devel", "p-cpe:/a:redhat:enterprise_linux:file-libs", "p-cpe:/a:redhat:enterprise_linux:file-static", "p-cpe:/a:redhat:enterprise_linux:python-magic", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-0760.NASL", "href": "https://www.tenable.com/plugins/nessus/91074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0760. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91074);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2014-3538\", \"CVE-2014-3587\", \"CVE-2014-3710\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9653\");\n script_xref(name:\"RHSA\", value:\"2016:0760\");\n\n script_name(english:\"RHEL 6 : file (RHSA-2016:0760)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for file is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe file command is used to identify a particular file according to\nthe type of data the file contains. It can identify many different\nfile types, including Executable and Linkable Format (ELF) binary\nfiles, system libraries, RPM packages, and different graphics formats.\n\nSecurity Fix(es) :\n\n* Multiple flaws were found in the file regular expression rules for\ndetecting various files. A remote attacker could use these flaws to\ncause file to consume an excessive amount of CPU. (CVE-2014-3538)\n\n* A denial of service flaw was found in the way file parsed certain\nComposite Document Format (CDF) files. A remote attacker could use\nthis flaw to crash file via a specially crafted CDF file.\n(CVE-2014-3587)\n\n* Multiple flaws were found in the way file parsed Executable and\nLinkable Format (ELF) files. 
A remote attacker could use these flaws\nto cause file to crash, disclose portions of its memory, or consume an\nexcessive amount of system resources. (CVE-2014-3710, CVE-2014-8116,\nCVE-2014-8117, CVE-2014-9620, CVE-2014-9653)\n\nRed Hat would like to thank Thomas Jarosch (Intra2net AG) for\nreporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was\ndiscovered by Jan Kaluza (Red Hat Web Stack Team) and the\nCVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat\nProduct Security).\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8\nTechnical Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-3710\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8116\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9653\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:file-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:file-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:file-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-magic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0760\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"file-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"file-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"file-5.04-30.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"file-debuginfo-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"file-devel-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"file-libs-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"file-static-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"file-static-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"file-static-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-magic-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-magic-5.04-30.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-magic-5.04-30.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / file-debuginfo / file-devel / file-libs / file-static / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:37", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - fix CVE-2014-3538 (unrestricted regular expression matching)\n\n - fix #1284826 - try to read ELF header to detect corrupted one\n\n - fix #1263987 - fix bugs found by coverity in the patch\n\n - fix CVE-2014-3587 (incomplete fix for CVE-2012-1571)\n\n - fix CVE-2014-3710 (out-of-bounds read in elf note headers)\n\n - fix CVE-2014-8116 (multiple DoS issues (resource consumption))\n\n - fix CVE-2014-8117 (denial of service issue (resource consumption))\n\n - fix CVE-2014-9620 (limit the number of ELF notes processed)\n\n - fix CVE-2014-9653 (malformed elf 
file causes access to uninitialized memory)\n\n - fix #809898 - add support for detection of Python 2.7 byte-compiled files\n\n - fix #1263987 - fix coredump execfn detection on ppc64 and s390\n\n - fix #966953 - include msooxml file in magic.mgc generation\n\n - fix #966953 - increase the strength of MSOOXML magic patterns\n\n - fix #1169509 - add support for Java 1.7 and 1.8\n\n - fix #1243650 - comment out too-sensitive Pascal magic\n\n - fix #1080453 - remove .orig files from magic directory\n\n - fix #1161058 - add support for EPUB\n\n - fix #1162149 - remove parts of patches patching .orig files\n\n - fix #1154802 - fix detection of zip files containing file named mime\n\n - fix #1246073 - fix detection UTF8 and UTF16 encoded XML files\n\n - fix #1263987 - add new execfn to coredump output to show the real name of executable which generated the coredump\n\n - fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files\n\n - fix #966953 - backport support for MSOOXML", "cvss3": {"score": null, "vector": null}, "published": "2016-05-16T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1571", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:file", "p-cpe:/a:oracle:vm:file-libs", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2016-0050.NASL", "href": "https://www.tenable.com/plugins/nessus/91155", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0050.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91155);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1571\", \"CVE-2014-3538\", \"CVE-2014-3587\", \"CVE-2014-3710\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9653\");\n script_bugtraq_id(52225, 68348, 69325, 70807, 71692, 71700, 71715, 72516);\n\n script_name(english:\"OracleVM 3.3 / 3.4 : file (OVMSA-2016-0050)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - fix CVE-2014-3538 (unrestricted regular expression\n matching)\n\n - fix #1284826 - try to read ELF header to detect\n corrupted one\n\n - fix #1263987 - fix bugs found by coverity in the patch\n\n - fix CVE-2014-3587 (incomplete fix for CVE-2012-1571)\n\n - fix CVE-2014-3710 (out-of-bounds read in elf note\n headers)\n\n - fix CVE-2014-8116 (multiple DoS issues (resource\n consumption))\n\n - fix CVE-2014-8117 (denial of service issue (resource\n consumption))\n\n - fix CVE-2014-9620 (limit the number of ELF notes\n processed)\n\n - fix CVE-2014-9653 (malformed elf file causes access to\n uninitialized memory)\n\n - fix #809898 - add support for detection of Python 2.7\n byte-compiled files\n\n - fix #1263987 - fix coredump execfn detection on ppc64\n and s390\n\n - fix #966953 - include msooxml file in magic.mgc\n generation\n\n - fix #966953 - increate the strength of MSOOXML magic\n patterns\n\n - fix #1169509 - add support for Java 1.7 and 1.8\n\n - fix #1243650 - comment out too-sensitive Pascal magic\n\n - fix #1080453 - remove .orig files from magic directory\n\n - fix #1161058 - add support for EPUB\n\n - fix #1162149 - remove parts of patches patching .orig\n files\n\n - fix #1154802 - fix detection of zip files containing\n file named 
mime\n\n - fix #1246073 - fix detection UTF8 and UTF16 encoded XML\n files\n\n - fix #1263987 - add new execfn to coredump output to show\n the real name of executable which generated the coredump\n\n - fix #809898 - add support for detection of Python\n 3.2-3.5 byte-compiled files\n\n - fix #966953 - backport support for MSOOXML\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000460.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000464.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected file / file-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:file-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"file-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"file-libs-5.04-30.el6\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"file-5.04-30.el6\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"file-libs-5.04-30.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"file / file-libs\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:56:24", "description": "Multiple vulnerabilities has been discovered and corrected in php :\n\nIt was discovered that the file utility contains a flaw in the handling of indirect magic rules in the libmagic 
library, which leads to an infinite recursion when trying to determine the file type of certain files (CVE-2014-1943).\n\nA flaw was found in the way the file utility determined the type of Portable Executable (PE) format files, the executable format used on Windows. A malicious PE file could cause the file utility to crash or, potentially, execute arbitrary code (CVE-2014-2270).\n\nThe BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters (CVE-2013-7345).\n\nPHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185).\n\nA flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the info from the same offset. This led to many file_printf() calls in cdf_file_property_info(), which caused file to use an excessive amount of CPU time when parsing a specially crafted CDF file (CVE-2014-0237).\n\nA flaw was found in the way file parsed property information from Composite Document Files (CDF) files. A property entry with 0 elements triggers an infinite loop (CVE-2014-0238).\n\nThe unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue related to the SPL ArrayObject and SPLObjectStorage Types (CVE-2014-3515).\n\nIt was discovered that PHP is vulnerable to a heap-based buffer overflow in the DNS TXT record parsing. 
A malicious server or man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application uses dns_get_record() to perform a DNS query (CVE-2014-4049).\n\nA flaw was found in the way file parsed property information from Composite Document Files (CDF) files, where the mconvert() function did not correctly compute the truncated pascal string size (CVE-2014-3478).\n\nMultiple flaws were found in the way file parsed property information from Composite Document Files (CDF) files, due to insufficient boundary checks on buffers (CVE-2014-0207, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487).\n\nThe phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type Confusion issue that can cause it to leak arbitrary process memory (CVE-2014-4721).\n\nUse-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698).\n\nUse-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670).\n\nfile before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538).\n\nInteger overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. 
NOTE:\nthis vulnerability exists because of an incomplete fix for CVE-2012-1571 (CVE-2014-3587).\n\nMultiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function. NOTE: this issue exists because of an incomplete fix for CVE-2014-4049 (CVE-2014-3597).\n\nAn integer overflow flaw in PHP's unserialize() function was reported.\nIf unserialize() were used on untrusted data, this issue could lead to a crash or potentially information disclosure (CVE-2014-3669).\n\nA heap corruption issue was reported in PHP's exif_thumbnail() function. A specially crafted JPEG image could cause the PHP interpreter to crash or, potentially, execute arbitrary code (CVE-2014-3670).\n\nIf client-supplied input was passed to PHP's cURL client as a URL to download, it could return local files from the server due to improper handling of null bytes (PHP#68089).\n\nAn out-of-bounds read flaw was found in file's donote() function in the way the file utility determined the note headers of a elf file.\nThis could possibly lead to file executable crash (CVE-2014-3710).\n\nA use-after-free flaw was found in PHP unserialize(). 
An untrusted input could cause PHP interpreter to crash or, possibly, execute arbitrary code when processed using unserialize() (CVE-2014-8142).\n\nDouble free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP before 5.5.21 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2014-9425).\n\nsapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (CVE-2014-9427).\n\nUse after free vulnerability in unserialize() in PHP before 5.5.21 (CVE-2015-0231).\n\nFree called on an uninitialized pointer in php-exif in PHP before 5.5.21 (CVE-2015-0232).\n\nThe readelf.c source file has been removed from PHP's bundled copy of file's libmagic, eliminating exposure to denial of service issues in ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620 and CVE-2014-9621 in PHP's fileinfo module.\n\nS. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-9705).\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-0273).\n\nIt was discovered that PHP incorrectly handled memory in the phar extension. 
A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-2301).\n\nUse-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142 (CVE-2015-0231).\n\nThe exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image (CVE-2015-0232).\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libzip, which is embedded in PHP, processed certain ZIP archives. If an attacker were able to supply a specially crafted ZIP archive to an application using libzip, it could cause the application to crash or, possibly, execute arbitrary code (CVE-2015-2331).\n\nIt was discovered that the PHP opcache component incorrectly handled memory. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-1351).\n\nIt was discovered that the PHP PostgreSQL database extension incorrectly handled certain pointers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2015-1352).\n\nPHP contains a bundled copy of the file utility's libmagic library, so it was vulnerable to the libmagic issues.\n\nThe updated php packages have been patched and upgraded to the 5.5.23 version which is not vulnerable to these issues. 
The libzip packages have been patched to address the CVE-2015-2331 flaw.\n\nA bug in the php zip extension that could cause a crash has been fixed (mga#13820).\n\nAdditionally, the jsonc and timezonedb packages have been upgraded to the latest versions, and the PECL packages that require it have been rebuilt for php-5.5.23.", "cvss3": {"score": null, "vector": null}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : php (MDVSA-2015:080)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1571", "CVE-2013-7345", "CVE-2014-0185", "CVE-2014-0207", "CVE-2014-0237", "CVE-2014-0238", "CVE-2014-1943", "CVE-2014-2270", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3597", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-3710", "CVE-2014-4049", "CVE-2014-4670", "CVE-2014-4698", "CVE-2014-4721", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-8142", "CVE-2014-9425", "CVE-2014-9427", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9705", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2301", "CVE-2015-2331"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:apache-mod_php", "p-cpe:/a:mandriva:linux:lib64php5_common5", "p-cpe:/a:mandriva:linux:lib64zip-devel", "p-cpe:/a:mandriva:linux:lib64zip2", "p-cpe:/a:mandriva:linux:libzip", "p-cpe:/a:mandriva:linux:php-bcmath", "p-cpe:/a:mandriva:linux:php-bz2", "p-cpe:/a:mandriva:linux:php-calendar", "p-cpe:/a:mandriva:linux:php-cgi", "p-cpe:/a:mandriva:linux:php-cli", "p-cpe:/a:mandriva:linux:php-ctype", "p-cpe:/a:mandriva:linux:php-curl", "p-cpe:/a:mandriva:linux:php-dba", "p-cpe:/a:mandriva:linux:php-devel", "p-cpe:/a:mandriva:linux:php-doc", "p-cpe:/a:mandriva:linux:php-dom", "p-cpe:/a:mandriva:linux:php-enchant", "p-cpe:/a:mandriva:linux:php-exif", "p-cpe:/a:mandriva:linux:php-fileinfo", "p-cpe:/a:mandriva:linux:php-filter", 
"p-cpe:/a:mandriva:linux:php-fpm", "p-cpe:/a:mandriva:linux:php-ftp", "p-cpe:/a:mandriva:linux:php-gd", "p-cpe:/a:mandriva:linux:php-gettext", "p-cpe:/a:mandriva:linux:php-gmp", "p-cpe:/a:mandriva:linux:php-hash", "p-cpe:/a:mandriva:linux:php-iconv", "p-cpe:/a:mandriva:linux:php-imap", "p-cpe:/a:mandriva:linux:php-ini", "p-cpe:/a:mandriva:linux:php-interbase", "p-cpe:/a:mandriva:linux:php-intl", "p-cpe:/a:mandriva:linux:php-json", "p-cpe:/a:mandriva:linux:php-ldap", "p-cpe:/a:mandriva:linux:php-mbstring", "p-cpe:/a:mandriva:linux:php-mcrypt", "p-cpe:/a:mandriva:linux:php-mssql", "p-cpe:/a:mandriva:linux:php-mysql", "p-cpe:/a:mandriva:linux:php-mysqli", "p-cpe:/a:mandriva:linux:php-mysqlnd", "p-cpe:/a:mandriva:linux:php-odbc", "p-cpe:/a:mandriva:linux:php-opcache", "p-cpe:/a:mandriva:linux:php-openssl", "p-cpe:/a:mandriva:linux:php-pcntl", "p-cpe:/a:mandriva:linux:php-pdo", "p-cpe:/a:mandriva:linux:php-pdo_dblib", "p-cpe:/a:mandriva:linux:php-pdo_firebird", "p-cpe:/a:mandriva:linux:php-pdo_mysql", "p-cpe:/a:mandriva:linux:php-pdo_odbc", "p-cpe:/a:mandriva:linux:php-pdo_pgsql", "p-cpe:/a:mandriva:linux:php-pdo_sqlite", "p-cpe:/a:mandriva:linux:php-pgsql", "p-cpe:/a:mandriva:linux:php-phar", "p-cpe:/a:mandriva:linux:php-posix", "p-cpe:/a:mandriva:linux:php-readline", "p-cpe:/a:mandriva:linux:php-recode", "p-cpe:/a:mandriva:linux:php-session", "p-cpe:/a:mandriva:linux:php-shmop", "p-cpe:/a:mandriva:linux:php-snmp", "p-cpe:/a:mandriva:linux:php-soap", "p-cpe:/a:mandriva:linux:php-sockets", "p-cpe:/a:mandriva:linux:php-sqlite3", "p-cpe:/a:mandriva:linux:php-sybase_ct", "p-cpe:/a:mandriva:linux:php-sysvmsg", "p-cpe:/a:mandriva:linux:php-sysvsem", "p-cpe:/a:mandriva:linux:php-sysvshm", "p-cpe:/a:mandriva:linux:php-tidy", "p-cpe:/a:mandriva:linux:php-timezonedb", "p-cpe:/a:mandriva:linux:php-tokenizer", "p-cpe:/a:mandriva:linux:php-wddx", "p-cpe:/a:mandriva:linux:php-xml", "p-cpe:/a:mandriva:linux:php-xmlreader", "p-cpe:/a:mandriva:linux:php-xmlrpc", 
"p-cpe:/a:mandriva:linux:php-xmlwriter", "p-cpe:/a:mandriva:linux:php-xsl", "p-cpe:/a:mandriva:linux:php-zip", "p-cpe:/a:mandriva:linux:php-zlib", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-080.NASL", "href": "https://www.tenable.com/plugins/nessus/82333", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:080. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82333);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-7345\", \"CVE-2014-0185\", \"CVE-2014-0207\", \"CVE-2014-0237\", \"CVE-2014-0238\", \"CVE-2014-1943\", \"CVE-2014-2270\", \"CVE-2014-3478\", \"CVE-2014-3479\", \"CVE-2014-3480\", \"CVE-2014-3487\", \"CVE-2014-3515\", \"CVE-2014-3538\", \"CVE-2014-3587\", \"CVE-2014-3597\", \"CVE-2014-3669\", \"CVE-2014-3670\", \"CVE-2014-3710\", \"CVE-2014-4049\", \"CVE-2014-4670\", \"CVE-2014-4698\", \"CVE-2014-4721\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-8142\", \"CVE-2014-9425\", \"CVE-2014-9427\", \"CVE-2014-9620\", \"CVE-2014-9621\", \"CVE-2014-9705\", \"CVE-2015-0231\", \"CVE-2015-0232\", \"CVE-2015-0273\", \"CVE-2015-1351\", \"CVE-2015-1352\", \"CVE-2015-2301\", \"CVE-2015-2331\");\n script_xref(name:\"MDVSA\", value:\"2015:080\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php (MDVSA-2015:080)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and 
corrected in php :\n\nIt was discovered that the file utility contains a flaw in the\nhandling of indirect magic rules in the libmagic library, which leads\nto an infinite recursion when trying to determine the file type of\ncertain files (CVE-2014-1943).\n\nA flaw was found in the way the file utility determined the type of\nPortable Executable (PE) format files, the executable format used on\nWindows. A malicious PE file could cause the file utility to crash or,\npotentially, execute arbitrary code (CVE-2014-2270).\n\nThe BEGIN regular expression in the awk script detector in\nmagic/Magdir/commands in file before 5.15 uses multiple wildcards with\nunlimited repetitions, which allows context-dependent attackers to\ncause a denial of service (CPU consumption) via a crafted ASCII file\nthat triggers a large amount of backtracking, as demonstrated via a\nfile with many newline characters (CVE-2013-7345).\n\nPHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain\nsocket with world-writable permissions by default, which allows any\nlocal user to connect to it and execute PHP scripts as the apache user\n(CVE-2014-0185).\n\nA flaw was found in the way file's Composite Document Files (CDF)\nformat parser handle CDF files with many summary info entries. The\ncdf_unpack_summary_info() function unnecessarily repeatedly read the\ninfo from the same offset. This led to many file_printf() calls in\ncdf_file_property_info(), which caused file to use an excessive amount\nof CPU time when parsing a specially crafted CDF file (CVE-2014-0237).\n\nA flaw was found in the way file parsed property information from\nComposite Document Files (CDF) files. 
A property entry with 0 elements\ntriggers an infinite loop (CVE-2014-0238).\n\nThe unserialize() function in PHP before 5.4.30 and 5.5.14 has a Type\nConfusion issue related to the SPL ArrayObject and SPLObjectStorage\nTypes (CVE-2014-3515).\n\nIt was discovered that PHP is vulnerable to a heap-based buffer\noverflow in the DNS TXT record parsing. A malicious server or\nman-in-the-middle attacker could possibly use this flaw to execute\narbitrary code as the PHP interpreter if a PHP application uses\ndns_get_record() to perform a DNS query (CVE-2014-4049).\n\nA flaw was found in the way file parsed property information from\nComposite Document Files (CDF) files, where the mconvert() function\ndid not correctly compute the truncated pascal string size\n(CVE-2014-3478).\n\nMultiple flaws were found in the way file parsed property information\nfrom Composite Document Files (CDF) files, due to insufficient\nboundary checks on buffers (CVE-2014-0207, CVE-2014-3479,\nCVE-2014-3480, CVE-2014-3487).\n\nThe phpinfo() function in PHP before 5.4.30 and 5.5.14 has a Type\nConfusion issue that can cause it to leak arbitrary process memory\n(CVE-2014-4721).\n\nUse-after-free vulnerability in ext/spl/spl_array.c in the SPL\ncomponent in PHP through 5.5.14 allows context-dependent attackers to\ncause a denial of service or possibly have unspecified other impact\nvia crafted ArrayIterator usage within applications in certain\nweb-hosting environments (CVE-2014-4698).\n\nUse-after-free vulnerability in ext/spl/spl_dllist.c in the SPL\ncomponent in PHP through 5.5.14 allows context-dependent attackers to\ncause a denial of service or possibly have unspecified other impact\nvia crafted iterator usage within applications in certain web-hosting\nenvironments (CVE-2014-4670).\n\nfile before 5.19 does not properly restrict the amount of data read\nduring a regex search, which allows remote attackers to cause a denial\nof service (CPU consumption) via a crafted file that 
triggers\nbacktracking during processing of an awk rule, due to an incomplete\nfix for CVE-2013-7345 (CVE-2014-3538).\n\nInteger overflow in the cdf_read_property_info function in cdf.c in\nfile through 5.19, as used in the Fileinfo component in PHP before\n5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a\ndenial of service (application crash) via a crafted CDF file. NOTE:\nthis vulnerability exists because of an incomplete fix for\nCVE-2012-1571 (CVE-2014-3587).\n\nMultiple buffer overflows in the php_parserr function in\next/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow\nremote DNS servers to cause a denial of service (application crash) or\npossibly execute arbitrary code via a crafted DNS record, related to\nthe dns_get_record function and the dn_expand function. NOTE: this\nissue exists because of an incomplete fix for CVE-2014-4049\n(CVE-2014-3597).\n\nAn integer overflow flaw in PHP's unserialize() function was reported.\nIf unserialize() were used on untrusted data, this issue could lead to\na crash or potentially information disclosure (CVE-2014-3669).\n\nA heap corruption issue was reported in PHP's exif_thumbnail()\nfunction. A specially crafted JPEG image could cause the PHP\ninterpreter to crash or, potentially, execute arbitrary code\n(CVE-2014-3670).\n\nIf client-supplied input was passed to PHP's cURL client as a URL to\ndownload, it could return local files from the server due to improper\nhandling of null bytes (PHP#68089).\n\nAn out-of-bounds read flaw was found in file's donote() function in\nthe way the file utility determined the note headers of a elf file.\nThis could possibly lead to file executable crash (CVE-2014-3710).\n\nA use-after-free flaw was found in PHP unserialize(). 
An untrusted\ninput could cause PHP interpreter to crash or, possibly, execute\narbitrary code when processed using unserialize() (CVE-2014-8142).\n\nDouble free vulnerability in the zend_ts_hash_graceful_destroy\nfunction in zend_ts_hash.c in the Zend Engine in PHP before 5.5.21\nallows remote attackers to cause a denial of service or possibly have\nunspecified other impact via unknown vectors (CVE-2014-9425).\n\nsapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when\nmmap is used to read a .php file, does not properly consider the\nmapping's length during processing of an invalid file that begins with\na # character and lacks a newline character, which causes an\nout-of-bounds read and might allow remote attackers to obtain\nsensitive information from php-cgi process memory by leveraging the\nability to upload a .php file or trigger unexpected code execution if\na valid PHP script is present in memory locations adjacent to the\nmapping (CVE-2014-9427).\n\nUse after free vulnerability in unserialize() in PHP before 5.5.21\n(CVE-2015-0231).\n\nFree called on an uninitialized pointer in php-exif in PHP before\n5.5.21 (CVE-2015-0232).\n\nThe readelf.c source file has been removed from PHP's bundled copy of\nfile's libmagic, eliminating exposure to denial of service issues in\nELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620\nand CVE-2014-9621 in PHP's fileinfo module.\n\nS. Paraschoudis discovered that PHP incorrectly handled memory in the\nenchant binding. A remote attacker could use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly execute\narbitrary code (CVE-2014-9705).\n\nTaoguang Chen discovered that PHP incorrectly handled unserializing\nobjects. A remote attacker could use this issue to cause PHP to crash,\nresulting in a denial of service, or possibly execute arbitrary code\n(CVE-2015-0273).\n\nIt was discovered that PHP incorrectly handled memory in the phar\nextension. 
A remote attacker could use this issue to cause PHP to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode (CVE-2015-2301).\n\nUse-after-free vulnerability in the process_nested_data function in\next/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before\n5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute\narbitrary code via a crafted unserialize call that leverages improper\nhandling of duplicate numerical keys within the serialized properties\nof an object. NOTE: this vulnerability exists because of an incomplete\nfix for CVE-2014-8142 (CVE-2015-0231).\n\nThe exif_process_unicode function in ext/exif/exif.c in PHP before\n5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote\nattackers to execute arbitrary code or cause a denial of service\n(uninitialized pointer free and application crash) via crafted EXIF\ndata in a JPEG image (CVE-2015-0232).\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way libzip, which is embedded in PHP, processed certain\nZIP archives. If an attacker were able to supply a specially crafted\nZIP archive to an application using libzip, it could cause the\napplication to crash or, possibly, execute arbitrary code\n(CVE-2015-2331).\n\nIt was discovered that the PHP opcache component incorrectly handled\nmemory. A remote attacker could possibly use this issue to cause PHP\nto crash, resulting in a denial of service, or possibly execute\narbitrary code (CVE-2015-1351).\n\nIt was discovered that the PHP PostgreSQL database extension\nincorrectly handled certain pointers. 
A remote attacker could possibly\nuse this issue to cause PHP to crash, resulting in a denial of\nservice, or possibly execute arbitrary code (CVE-2015-1352).\n\nPHP contains a bundled copy of the file utility's libmagic library, so\nit was vulnerable to the libmagic issues.\n\nThe updated php packages have been patched and upgraded to the 5.5.23\nversion which is not vulnerable to these issues. The libzip packages\nhas been patched to address the CVE-2015-2331 flaw.\n\nA bug in the php zip extension that could cause a crash has been fixed\n(mga#13820)\n\nAdditionally the jsonc and timezonedb packages has been upgraded to\nthe latest versions and the PECL packages which requires so has been\nrebuilt for php-5.5.23.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0215.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0258.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0284.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0324.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0367.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0430.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0441.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0542.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://advisories.mageia.org/MGASA-2015-0040.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.12\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.13\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.14\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.15\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.16\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.17\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.18\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.20\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.21\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.22\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.23\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://php.net/ChangeLog-5.php#5.5.9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2501-1/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2535-1/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.mageia.org/show_bug.cgi?id=13820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1204676\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64php5_common5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64zip-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64zip2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libzip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bcmath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-bz2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dba\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-dom\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-enchant\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-exif\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fileinfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-filter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-fpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-gmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-hash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-iconv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-imap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ini\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-interbase\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-intl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mbstring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mysqlnd\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-opcache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pcntl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_dblib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_firebird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pdo_sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-phar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-posix\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-readline\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-recode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-session\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-shmop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sockets\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sqlite3\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sybase_ct\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvsem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-sysvshm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tidy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-timezonedb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-tokenizer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-wddx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlreader\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xmlwriter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-xsl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_php-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64php5_common5-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64zip-devel-0.11.2-1.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"lib64zip2-0.11.2-1.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"libzip-0.11.2-1.1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-bcmath-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-bz2-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-calendar-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-cgi-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-cli-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-ctype-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-curl-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-dba-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", 
reference:\"php-devel-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", reference:\"php-doc-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-dom-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-enchant-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-exif-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-fileinfo-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-filter-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-fpm-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-ftp-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-gd-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-gettext-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-gmp-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-hash-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-iconv-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-imap-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-ini-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-interbase-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-intl-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-json-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-ldap-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", 
reference:\"php-mbstring-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mcrypt-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mssql-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mysql-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mysqli-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-mysqlnd-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-odbc-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-opcache-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-openssl-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pcntl-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_dblib-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_firebird-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_mysql-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_odbc-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_pgsql-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pdo_sqlite-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-pgsql-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-phar-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-posix-5.5.23-1.mbs2\")) 
flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-readline-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-recode-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-session-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-shmop-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-snmp-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-soap-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sockets-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sqlite3-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sybase_ct-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sysvmsg-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sysvsem-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-sysvshm-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-tidy-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-timezonedb-2015.1-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-tokenizer-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-wddx-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-xml-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-xmlreader-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-xmlrpc-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", 
cpu:\"x86_64\", reference:\"php-xmlwriter-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-xsl-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-zip-5.5.23-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"php-zlib-5.5.23-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:34:12", "description": "The Docker images provided with SUSE CaaS Platform 2.0 have been updated to include the following updates: binutils :\n\n - Update to version 2.29\n\n - 18750 bsc#1030296 CVE-2014-9939\n\n - 20891 bsc#1030585 CVE-2017-7225\n\n - 20892 bsc#1030588 CVE-2017-7224\n\n - 20898 bsc#1030589 CVE-2017-7223\n\n - 20905 bsc#1030584 CVE-2017-7226\n\n - 20908 bsc#1031644 CVE-2017-7299\n\n - 20909 bsc#1031656 CVE-2017-7300\n\n - 20921 bsc#1031595 CVE-2017-7302\n\n - 20922 bsc#1031593 CVE-2017-7303\n\n - 20924 bsc#1031638 CVE-2017-7301\n\n - 20931 bsc#1031590 CVE-2017-7304\n\n - 21135 bsc#1030298 CVE-2017-7209\n\n - 21137 bsc#1029909 CVE-2017-6965\n\n - 21139 bsc#1029908 CVE-2017-6966\n\n - 21156 bsc#1029907 CVE-2017-6969\n\n - 21157 bsc#1030297 CVE-2017-7210\n\n - 21409 bsc#1037052 CVE-2017-8392\n\n - 21412 bsc#1037057 CVE-2017-8393\n\n - 21414 bsc#1037061 CVE-2017-8394\n\n - 21432 bsc#1037066 CVE-2017-8396\n\n - 21440 bsc#1037273 CVE-2017-8421\n\n - 21580 bsc#1044891 CVE-2017-9746\n\n - 21581 bsc#1044897 CVE-2017-9747\n\n - 21582 bsc#1044901 CVE-2017-9748\n\n - 21587 bsc#1044909 CVE-2017-9750\n\n - 21594 bsc#1044925 CVE-2017-9755\n\n - 21595 bsc#1044927 CVE-2017-9756\n\n - 21787 bsc#1052518 CVE-2017-12448\n\n - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, 
CVE-2017-12452, bsc#1052514, CVE-2017-12450, bsc#1052503, CVE-2017-12456, bsc#1052507, CVE-2017-12454, bsc#1052509, CVE-2017-12453, bsc#1052511, CVE-2017-12452, bsc#1052514, CVE-2017-12450\n\n - 21933 bsc#1053347 CVE-2017-12799\n\n - 21990 bsc#1058480 CVE-2017-14333\n\n - 22018 bsc#1056312 CVE-2017-13757\n\n - 22047 bsc#1057144 CVE-2017-14129\n\n - 22058 bsc#1057149 CVE-2017-14130\n\n - 22059 bsc#1057139 CVE-2017-14128\n\n - 22113 bsc#1059050 CVE-2017-14529\n\n - 22148 bsc#1060599 CVE-2017-14745\n\n - 22163 bsc#1061241 CVE-2017-14974\n\n - 22170 bsc#1060621 CVE-2017-14729\n\n - Make compressed debug section handling explicit, disable for old products and enable for gas on all architectures otherwise. [bsc#1029995]\n\n - Remove empty rpath component removal optimization from to workaround CMake rpath handling. [bsc#1025282]\n\n - Fix alignment frags for aarch64 (bsc#1003846) coreutils :\n\n - Fix df(1) to no longer interact with excluded file system types, so for example specifying -x nfs no longer hangs with problematic nfs mounts. (bsc#1026567)\n\n - Ensure df -l no longer interacts with dummy file system types, so for example no longer hangs with problematic NFS mounted via system.automount(5). (bsc#1043059)\n\n - Significantly speed up df(1) for huge mount lists.\n (bsc#965780) file :\n\n - update to version 5.22.\n\n - CVE-2014-9621: The ELF parser in file allowed remote attackers to cause a denial of service via a long string. (bsc#913650)\n\n - CVE-2014-9620: The ELF parser in file allowed remote attackers to cause a denial of service via a large number of notes. (bsc#913651)\n\n - CVE-2014-9653: readelf.c in file did not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file. 
(bsc#917152)\n\n - CVE-2014-8116: The ELF parser (readelf.c) in file allowed remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (bsc#910253)\n\n - CVE-2014-8117: softmagic.c in file did not properly limit recursion, which allowed remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (bsc#910253)\n\n - Fixed a memory corruption during rpmbuild (bsc#1063269)\n\n - Backport of a fix for an increased printable string length as found in file 5.30 (bsc#996511)\n\n - file command throws 'Composite Document File V2 Document, corrupt: Can't read SSAT' error against excel 97/2003 file format. (bsc#1009966) gcc7 :\n\n - Support for specific IBM Power9 processor instructions.\n\n - Support for specific IBM zSeries z14 processor instructions.\n\n - New packages cross-npvtx-gcc7 and nvptx-tools added to the Toolchain Module for specific NVIDIA Card offload support. gzip :\n\n - fix mishandling of leading zeros in the end-of-block code (bsc#1067891) libsolv :\n\n - Many fixes and improvements for cleandeps.\n\n - Always create dup rules for 'distupgrade' jobs.\n\n - Use recommends also for ordering packages.\n\n - Fix splitprovides handling with addalreadyrecommended turned off. (bsc#1059065)\n\n - Expose solver_get_recommendations() in bindings.\n\n - Fix bug in solver_prune_to_highest_prio_per_name resulting in bad output from solver_get_recommendations().\n\n - Support 'without' and 'unless' dependencies.\n\n - Use same heuristic as upstream to determine source RPMs.\n\n - Fix memory leak in bindings.\n\n - Add pool_best_solvables() function.\n\n - Fix 64bit integer parsing from RPM headers.\n\n - Enable bzip2 and xz/lzma compression support.\n\n - Enable complex/rich dependencies on distributions with RPM 4.13+. 
libtool :\n\n - Add missing dependencies and provides to baselibs.conf to make sure libltdl libraries are properly installed.\n (bsc#1056381) libzypp :\n\n - Fix media handling in presence of a repo path prefix.\n (bsc#1062561)\n\n - Fix RepoProvideFile ignoring a repo path prefix.\n (bsc#1062561)\n\n - Remove unused legacy notify-message script.\n (bsc#1058783)\n\n - Support multiple product licenses in repomd.\n (fate#322276)\n\n - Propagate 'rpm --import' errors. (bsc#1057188)\n\n - Fix typos in zypp.conf. openssl :\n\n - CVE-2017-3735: openssl1,openssl: Malformed X.509 IPAdressFamily could cause OOB read (bsc#1056058)\n\n - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242)\n\n - Out of bounds read+crash in DES_fcrypt (bsc#1065363)\n\n - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA ciphers (bsc#1055825) perl: Security issues for perl :\n\n - CVE-2017-12837: Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a escape and the case-insensitive modifier. (bnc#1057724)\n\n - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid escape. (bnc#1057721)\n\n - CVE-2017-6512: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic. 
(bnc#1047178) Bug fixes for perl :\n\n - backport set_capture_string changes from upstream (bsc#999735)\n\n - reformat baselibs.conf as source validator workaround systemd :\n\n - unit: When JobTimeoutSec= is turned off, implicitly turn off JobRunningTimeoutSec= too. (bsc#1048605, bsc#1004995)\n\n - compat-rules: Generate compat by-id symlinks with 'nvme' prefix missing and warn users that have broken symlinks.\n (bsc#1063249)\n\n - compat-rules: Allow to specify the generation number through the kernel command line.\n\n - scsi_id: Fixup prefix for pre-SPC inquiry reply.\n (bsc#1039099)\n\n - tmpfiles: Remove old ICE and X11 sockets at boot.\n\n - tmpfiles: Silently ignore any path that passes through autofs. (bsc#1045472)\n\n - pam_logind: Skip leading /dev/ from PAM_TTY field before passing it on.\n\n - shared/machine-pool: Fix another mkfs.btrfs checking.\n (bsc#1053595)\n\n - shutdown: Fix incorrect fscanf() result check.\n\n - shutdown: Don't remount,ro network filesystems.\n (bsc#1035386)\n\n - shutdown: Don't be fooled when detaching DM devices with BTRFS. (bsc#1055641)\n\n - bash-completion: Add support for --now. (bsc#1053137)\n\n - Add convert-lib-udev-path.sh script to convert /lib/udev directory into a symlink pointing to /usr/lib/udev when upgrading from SLE11. (bsc#1050152)\n\n - Add a rule to teach hotplug to offline containers transparently. (bsc#1040800) timezone :\n\n - Northern Cyprus switches from +03 to +02/+03 on 2017-10-29\n\n - Fiji ends DST 2018-01-14, not 2018-01-21\n\n - Namibia switches from +01/+02 to +02 on 2018-04-01\n\n - Sudan switches from +03 to +02 on 2017-11-01\n\n - Tonga likely switches from +13/+14 to +13 on 2017-11-05\n\n - Turks and Caicos switches from -04 to -05/-04 on 2018-11-04\n\n - Corrections to past DST transitions\n\n - Move oversized Canada/East-Saskatchewan to 'backward' file\n\n - zic(8) and the reference runtime now reject multiple leap seconds within 28 days of each other, or leap seconds before the Epoch. 
util-linux :\n\n - Allow unmounting of filesystems without calling stat() on the mount point, when '-c' is used. (bsc#1040968)\n\n - Fix an infinite loop, a crash and report the correct minimum and maximum frequencies in lscpu for some processors. (bsc#1055446)\n\n - Fix a lscpu failure on Sydney Amazon EC2 region.\n (bsc#1066500)\n\n - If multiple subvolumes are mounted, report the default subvolume. (bsc#1039276) velum :\n\n - Fix logout issue on DEX download page * page doesn't exist (bsc#1066611)\n\n - Handle invalid sessions more user friendly\n\n - Fix undesired minimum nodes alert blink (bsc#1066371) wicked :\n\n - A regression in wicked was causing the hostname not to be set correctly via DHCP in some cases (bsc#1057007,bsc#1050258)\n\n - Configure the interface MTU correctly even in cases where the interface was up already (bsc#1059292)\n\n - Don't abort the process that adds configures routes if one route fails (bsc#1036619)\n\n - Handle DHCP4 user-class ids properly (bsc#1045522)\n\n - ethtool: handle channels parameters (bsc#1043883) zypper :\n\n - Locale: Fix possible segmentation fault. (bsc#1064999)\n\n - Add summary hint if product is better updated by a different command. This is mainly used by rolling distributions like openSUSE Tumbleweed to remind their users to use 'zypper dup' to update (not zypper up or patch). (bsc#1061384)\n\n - Unify '(add|modify)(repo|service)' property related arguments.\n\n - Fixed 'add' commands supporting to set only a subset of properties.\n\n - Introduced '-f/-F' as preferred short option for\n --[no-]refresh in all four commands. (bsc#661410, bsc#1053671)\n\n - Fix missing package names in installation report.\n (bsc#1058695)\n\n - Differ between unsupported and packages with unknown support status. (bsc#1057634)\n\n - Return error code '107' if an RPM's %post configuration script fails, but only if ZYPPER_ON_CODE12_RETURN_107=1 is set in the environment. 
(bsc#1047233)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653", "CVE-2014-9939", "CVE-2017-12448", "CVE-2017-12450", "CVE-2017-12452", "CVE-2017-12453", "CVE-2017-12454", "CVE-2017-12456", "CVE-2017-12799", "CVE-2017-12837", "CVE-2017-12883", "CVE-2017-13757", "CVE-2017-14128", "CVE-2017-14129", "CVE-2017-14130", "CVE-2017-14333", "CVE-2017-14529", "CVE-2017-14729", "CVE-2017-14745", "CVE-2017-14974", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-6512", "CVE-2017-6965", "CVE-2017-6966", "CVE-2017-6969", "CVE-2017-7209", "CVE-2017-7210", "CVE-2017-7223", "CVE-2017-7224", "CVE-2017-7225", "CVE-2017-7226", "CVE-2017-7299", "CVE-2017-7300", "CVE-2017-7301", "CVE-2017-7302", "CVE-2017-7303", "CVE-2017-7304", "CVE-2017-8392", "CVE-2017-8393", "CVE-2017-8394", "CVE-2017-8396", "CVE-2017-8421", "CVE-2017-9746", "CVE-2017-9747", "CVE-2017-9748", "CVE-2017-9750", "CVE-2017-9755", "CVE-2017-9756"], "modified": "2021-01-28T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sles12-caasp-dex-image", "p-cpe:/a:novell:suse_linux:sles12-dnsmasq-nanny-image", "p-cpe:/a:novell:suse_linux:sles12-haproxy-image", "p-cpe:/a:novell:suse_linux:sles12-kubedns-image", "p-cpe:/a:novell:suse_linux:sles12-mariadb-image", "p-cpe:/a:novell:suse_linux:sles12-openldap-image", "p-cpe:/a:novell:suse_linux:sles12-pause-image", "p-cpe:/a:novell:suse_linux:sles12-pv-recycler-node-image", 
"p-cpe:/a:novell:suse_linux:sles12-salt-api-image", "p-cpe:/a:novell:suse_linux:sles12-salt-master-image", "p-cpe:/a:novell:suse_linux:sles12-salt-minion-image", "p-cpe:/a:novell:suse_linux:sles12-sidecar-image", "p-cpe:/a:novell:suse_linux:sles12-tiller-image", "p-cpe:/a:novell:suse_linux:sles12-velum-image", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0053-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106092", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0053-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106092);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/28\");\n\n script_cve_id(\"CVE-2014-3710\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9621\", \"CVE-2014-9653\", \"CVE-2014-9939\", \"CVE-2017-12448\", \"CVE-2017-12450\", \"CVE-2017-12452\", \"CVE-2017-12453\", \"CVE-2017-12454\", \"CVE-2017-12456\", \"CVE-2017-12799\", \"CVE-2017-12837\", \"CVE-2017-12883\", \"CVE-2017-13757\", \"CVE-2017-14128\", \"CVE-2017-14129\", \"CVE-2017-14130\", \"CVE-2017-14333\", \"CVE-2017-14529\", \"CVE-2017-14729\", \"CVE-2017-14745\", \"CVE-2017-14974\", \"CVE-2017-3735\", \"CVE-2017-3736\", \"CVE-2017-3737\", \"CVE-2017-3738\", \"CVE-2017-6512\", \"CVE-2017-6965\", \"CVE-2017-6966\", \"CVE-2017-6969\", \"CVE-2017-7209\", \"CVE-2017-7210\", \"CVE-2017-7223\", \"CVE-2017-7224\", \"CVE-2017-7225\", \"CVE-2017-7226\", \"CVE-2017-7299\", \"CVE-2017-7300\", \"CVE-2017-7301\", \"CVE-2017-7302\", \"CVE-2017-7303\", \"CVE-2017-7304\", \"CVE-2017-8392\", \"CVE-2017-8393\", \"CVE-2017-8394\", \"CVE-2017-8396\", \"CVE-2017-8421\", \"CVE-2017-9746\", \"CVE-2017-9747\", \"CVE-2017-9748\", \"CVE-2017-9750\", \"CVE-2017-9755\", \"CVE-2017-9756\");\n script_bugtraq_id(70807, 71692, 71700, 71714, 
71715, 72516);\n\n script_name(english:\"SUSE SLES12 Security Update : CaaS Platform 2.0 images (SUSE-SU-2018:0053-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The Docker images provided with SUSE CaaS Platform 2.0 have been\nupdated to include the following updates: binutils :\n\n - Update to version 2.29\n\n - 18750 bsc#1030296 CVE-2014-9939\n\n - 20891 bsc#1030585 CVE-2017-7225\n\n - 20892 bsc#1030588 CVE-2017-7224\n\n - 20898 bsc#1030589 CVE-2017-7223\n\n - 20905 bsc#1030584 CVE-2017-7226\n\n - 20908 bsc#1031644 CVE-2017-7299\n\n - 20909 bsc#1031656 CVE-2017-7300\n\n - 20921 bsc#1031595 CVE-2017-7302\n\n - 20922 bsc#1031593 CVE-2017-7303\n\n - 20924 bsc#1031638 CVE-2017-7301\n\n - 20931 bsc#1031590 CVE-2017-7304\n\n - 21135 bsc#1030298 CVE-2017-7209\n\n - 21137 bsc#1029909 CVE-2017-6965\n\n - 21139 bsc#1029908 CVE-2017-6966\n\n - 21156 bsc#1029907 CVE-2017-6969\n\n - 21157 bsc#1030297 CVE-2017-7210\n\n - 21409 bsc#1037052 CVE-2017-8392\n\n - 21412 bsc#1037057 CVE-2017-8393\n\n - 21414 bsc#1037061 CVE-2017-8394\n\n - 21432 bsc#1037066 CVE-2017-8396\n\n - 21440 bsc#1037273 CVE-2017-8421\n\n - 21580 bsc#1044891 CVE-2017-9746\n\n - 21581 bsc#1044897 CVE-2017-9747\n\n - 21582 bsc#1044901 CVE-2017-9748\n\n - 21587 bsc#1044909 CVE-2017-9750\n\n - 21594 bsc#1044925 CVE-2017-9755\n\n - 21595 bsc#1044927 CVE-2017-9756\n\n - 21787 bsc#1052518 CVE-2017-12448\n\n - 21813 bsc#1052503, CVE-2017-12456, bsc#1052507,\n CVE-2017-12454, bsc#1052509, CVE-2017-12453,\n bsc#1052511, CVE-2017-12452, bsc#1052514,\n CVE-2017-12450, bsc#1052503, CVE-2017-12456,\n bsc#1052507, CVE-2017-12454, bsc#1052509,\n CVE-2017-12453, bsc#1052511, CVE-2017-12452,\n bsc#1052514, CVE-2017-12450\n\n - 21933 bsc#1053347 CVE-2017-12799\n\n - 21990 bsc#1058480 
CVE-2017-14333\n\n - 22018 bsc#1056312 CVE-2017-13757\n\n - 22047 bsc#1057144 CVE-2017-14129\n\n - 22058 bsc#1057149 CVE-2017-14130\n\n - 22059 bsc#1057139 CVE-2017-14128\n\n - 22113 bsc#1059050 CVE-2017-14529\n\n - 22148 bsc#1060599 CVE-2017-14745\n\n - 22163 bsc#1061241 CVE-2017-14974\n\n - 22170 bsc#1060621 CVE-2017-14729\n\n - Make compressed debug section handling explicit, disable\n for old products and enable for gas on all architectures\n otherwise. [bsc#1029995]\n\n - Remove empty rpath component removal optimization from\n to workaround CMake rpath handling. [bsc#1025282]\n\n - Fix alignment frags for aarch64 (bsc#1003846) \ncoreutils :\n\n - Fix df(1) to no longer interact with excluded file\n system types, so for example specifying -x nfs no longer\n hangs with problematic nfs mounts. (bsc#1026567)\n\n - Ensure df -l no longer interacts with dummy file system\n types, so for example no longer hangs with problematic\n NFS mounted via system.automount(5). (bsc#1043059)\n\n - Significantly speed up df(1) for huge mount lists.\n (bsc#965780) file :\n\n - update to version 5.22.\n\n - CVE-2014-9621: The ELF parser in file allowed remote\n attackers to cause a denial of service via a long\n string. (bsc#913650)\n\n - CVE-2014-9620: The ELF parser in file allowed remote\n attackers to cause a denial of service via a large\n number of notes. (bsc#913651)\n\n - CVE-2014-9653: readelf.c in file did not consider that\n pread calls sometimes read only a subset of the\n available data, which allows remote attackers to cause a\n denial of service (uninitialized memory access) or\n possibly have unspecified other impact via a crafted ELF\n file. (bsc#917152)\n\n - CVE-2014-8116: The ELF parser (readelf.c) in file\n allowed remote attackers to cause a denial of service\n (CPU consumption or crash) via a large number of (1)\n program or (2) section headers or (3) invalid\n capabilities. 
(bsc#910253)\n\n - CVE-2014-8117: softmagic.c in file did not properly\n limit recursion, which allowed remote attackers to cause\n a denial of service (CPU consumption or crash) via\n unspecified vectors. (bsc#910253)\n\n - Fixed a memory corruption during rpmbuild (bsc#1063269)\n\n - Backport of a fix for an increased printable string\n length as found in file 5.30 (bsc#996511)\n\n - file command throws 'Composite Document File V2\n Document, corrupt: Can't read SSAT' error against excel\n 97/2003 file format. (bsc#1009966) gcc7 :\n\n - Support for specific IBM Power9 processor instructions.\n\n - Support for specific IBM zSeries z14 processor\n instructions.\n\n - New packages cross-npvtx-gcc7 and nvptx-tools added to\n the Toolchain Module for specific NVIDIA Card offload\n support. gzip :\n\n - fix mishandling of leading zeros in the end-of-block\n code (bsc#1067891) libsolv :\n\n - Many fixes and improvements for cleandeps.\n\n - Always create dup rules for 'distupgrade' jobs.\n\n - Use recommends also for ordering packages.\n\n - Fix splitprovides handling with addalreadyrecommended\n turned off. (bsc#1059065)\n\n - Expose solver_get_recommendations() in bindings.\n\n - Fix bug in solver_prune_to_highest_prio_per_name\n resulting in bad output from\n solver_get_recommendations().\n\n - Support 'without' and 'unless' dependencies.\n\n - Use same heuristic as upstream to determine source RPMs.\n\n - Fix memory leak in bindings.\n\n - Add pool_best_solvables() function.\n\n - Fix 64bit integer parsing from RPM headers.\n\n - Enable bzip2 and xz/lzma compression support.\n\n - Enable complex/rich dependencies on distributions with\n RPM 4.13+. 
libtool :\n\n - Add missing dependencies and provides to baselibs.conf\n to make sure libltdl libraries are properly installed.\n (bsc#1056381) libzypp :\n\n - Fix media handling in presence of a repo path prefix.\n (bsc#1062561)\n\n - Fix RepoProvideFile ignoring a repo path prefix.\n (bsc#1062561)\n\n - Remove unused legacy notify-message script.\n (bsc#1058783)\n\n - Support multiple product licenses in repomd.\n (fate#322276)\n\n - Propagate 'rpm --import' errors. (bsc#1057188)\n\n - Fix typos in zypp.conf. openssl :\n\n - CVE-2017-3735: openssl1,openssl: Malformed X.509\n IPAdressFamily could cause OOB read (bsc#1056058)\n\n - CVE-2017-3736: openssl: bn_sqrx8x_internal carry bug on\n x86_64 (bsc#1066242)\n\n - Out of bounds read+crash in DES_fcrypt (bsc#1065363)\n\n - openssl DEFAULT_SUSE cipher list is missing ECDHE-ECDSA\n ciphers (bsc#1055825) perl: Security issues for perl :\n\n - CVE-2017-12837: Heap-based buffer overflow in the\n S_regatom function in regcomp.c in Perl 5 before\n 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote\n attackers to cause a denial of service (out-of-bounds\n write) via a regular expression with a escape and the\n case-insensitive modifier. (bnc#1057724)\n\n - CVE-2017-12883: Buffer overflow in the S_grok_bslash_N\n function in regcomp.c in Perl 5 before 5.24.3-RC1 and\n 5.26.x before 5.26.1-RC1 allows remote attackers to\n disclose sensitive information or cause a denial of\n service (application crash) via a crafted regular\n expression with an invalid escape. (bnc#1057721)\n\n - CVE-2017-6512: Race condition in the rmtree and\n remove_tree functions in the File-Path module before\n 2.13 for Perl allows attackers to set the mode on\n arbitrary files via vectors involving\n directory-permission loosening logic. 
(bnc#1047178) Bug\n fixes for perl :\n\n - backport set_capture_string changes from upstream\n (bsc#999735)\n\n - reformat baselibs.conf as source validator workaround\n systemd :\n\n - unit: When JobTimeoutSec= is turned off, implicitly turn\n off JobRunningTimeoutSec= too. (bsc#1048605,\n bsc#1004995)\n\n - compat-rules: Generate compat by-id symlinks with 'nvme'\n prefix missing and warn users that have broken symlinks.\n (bsc#1063249)\n\n - compat-rules: Allow to specify the generation number\n through the kernel command line.\n\n - scsi_id: Fixup prefix for pre-SPC inquiry reply.\n (bsc#1039099)\n\n - tmpfiles: Remove old ICE and X11 sockets at boot.\n\n - tmpfiles: Silently ignore any path that passes through\n autofs. (bsc#1045472)\n\n - pam_logind: Skip leading /dev/ from PAM_TTY field before\n passing it on.\n\n - shared/machine-pool: Fix another mkfs.btrfs checking.\n (bsc#1053595)\n\n - shutdown: Fix incorrect fscanf() result check.\n\n - shutdown: Don't remount,ro network filesystems.\n (bsc#1035386)\n\n - shutdown: Don't be fooled when detaching DM devices with\n BTRFS. (bsc#1055641)\n\n - bash-completion: Add support for --now. (bsc#1053137)\n\n - Add convert-lib-udev-path.sh script to convert /lib/udev\n directory into a symlink pointing to /usr/lib/udev when\n upgrading from SLE11. (bsc#1050152)\n\n - Add a rule to teach hotplug to offline containers\n transparently. 
(bsc#1040800) timezone :\n\n - Northern Cyprus switches from +03 to +02/+03 on\n 2017-10-29\n\n - Fiji ends DST 2018-01-14, not 2018-01-21\n\n - Namibia switches from +01/+02 to +02 on 2018-04-01\n\n - Sudan switches from +03 to +02 on 2017-11-01\n\n - Tonga likely switches from +13/+14 to +13 on 2017-11-05\n\n - Turks and Caicos switches from -04 to -05/-04 on\n 2018-11-04\n\n - Corrections to past DST transitions\n\n - Move oversized Canada/East-Saskatchewan to 'backward'\n file\n\n - zic(8) and the reference runtime now reject multiple\n leap seconds within 28 days of each other, or leap\n seconds before the Epoch. util-linux :\n\n - Allow unmounting of filesystems without calling stat()\n on the mount point, when '-c' is used. (bsc#1040968)\n\n - Fix an infinite loop, a crash and report the correct\n minimum and maximum frequencies in lscpu for some\n processors. (bsc#1055446)\n\n - Fix a lscpu failure on Sydney Amazon EC2 region.\n (bsc#1066500)\n\n - If multiple subvolumes are mounted, report the default\n subvolume. (bsc#1039276) velum :\n\n - Fix logout issue on DEX download page * page doesn't\n exist (bsc#1066611)\n\n - Handle invalid sessions more user friendly\n\n - Fix undesired minimum nodes alert blink (bsc#1066371)\n wicked :\n\n - A regression in wicked was causing the hostname not to\n be set correctly via DHCP in some cases\n (bsc#1057007,bsc#1050258)\n\n - Configure the interface MTU correctly even in cases\n where the interface was up already (bsc#1059292)\n\n - Don't abort the process that adds configures routes if\n one route fails (bsc#1036619)\n\n - Handle DHCP4 user-class ids properly (bsc#1045522)\n\n - ethtool: handle channels parameters (bsc#1043883) \nzypper :\n\n - Locale: Fix possible segmentation fault. (bsc#1064999)\n\n - Add summary hint if product is better updated by a\n different command. 
This is mainly used by rolling\n distributions like openSUSE Tumbleweed to remind their\n users to use 'zypper dup' to update (not zypper up or\n patch). (bsc#1061384)\n\n - Unify '(add|modify)(repo|service)' property related\n arguments.\n\n - Fixed 'add' commands supporting to set only a subset of\n properties.\n\n - Introduced '-f/-F' as preferred short option for\n --[no-]refresh in all four commands. (bsc#661410,\n bsc#1053671)\n\n - Fix missing package names in installation report.\n (bsc#1058695)\n\n - Differ between unsupported and packages with unknown\n support status. (bsc#1057634)\n\n - Return error code '107' if an RPM's %post configuration\n script fails, but only if ZYPPER_ON_CODE12_RETURN_107=1\n is set in the environment. (bsc#1047233)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029907\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1041090\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044016\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045522\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1052518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053137\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053347\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057144\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057724\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059075\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063249\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064999\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-3710/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-8117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9620/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9621/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9653/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12448/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12450/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12452/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12453/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12454/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12456/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12799/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12837/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14128/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14129/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14130/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14333/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14529/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-14974/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3735/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3736/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3737/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3738/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6512/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180053-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2e30c71\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-40=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-caasp-dex-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-dnsmasq-nanny-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-haproxy-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-kubedns-image\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-mariadb-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-openldap-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-pause-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-pv-recycler-node-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-salt-api-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-salt-master-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-salt-minion-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-sidecar-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-tiller-image\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sles12-velum-image\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-caasp-dex-image-2.0.0-3.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-dnsmasq-nanny-image-2.0.1-2.3.15\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-haproxy-image-2.0.1-2.3.16\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-kubedns-image-2.0.1-2.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-mariadb-image-2.0.1-2.3.15\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-openldap-image-2.0.0-2.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-pause-image-2.0.1-2.3.9\")) flag++;\nif 
(rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-pv-recycler-node-image-2.0.1-2.3.10\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-salt-api-image-2.0.1-2.3.10\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-salt-master-image-2.0.1-2.3.10\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-salt-minion-image-2.0.1-2.3.14\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-sidecar-image-2.0.1-2.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-tiller-image-2.0.0-2.3.11\")) flag++;\nif (rpm_check(release:\"SLES12\", cpu:\"x86_64\", reference:\"sles12-velum-image-2.0.1-2.3.13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"CaaS Platform 2.0 images\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T15:30:48", "description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", "cvss3": {}, "published": "2015-01-21T18:59:00", "type": "cve", "title": "CVE-2014-9620", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9620"], "modified": 
"2018-06-16T01:29:00", "cpe": ["cpe:/a:file_project:file:5.09", "cpe:/a:file_project:file:5.10", "cpe:/a:file_project:file:5.17", "cpe:/a:file_project:file:5.12", "cpe:/a:file_project:file:5.15", "cpe:/a:file_project:file:5.11", "cpe:/a:file_project:file:5.16", "cpe:/a:file_project:file:5.18", "cpe:/a:file_project:file:5.21", "cpe:/a:file_project:file:5.08", "cpe:/a:file_project:file:5.14", "cpe:/a:file_project:file:5.19", "cpe:/a:file_project:file:5.20", "cpe:/a:file_project:file:5.13"], "id": "CVE-2014-9620", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9620", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:file_project:file:5.09:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.13:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.19:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.08:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.21:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.16:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.18:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.20:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.15:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.17:*:*:*:*:*:*:*", "cpe:2.3:a:file_project:file:5.14:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-01-27T18:35:22", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for file (EulerOS-SA-2019-2578)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9620"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192578", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192578", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, 
and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2578\");\n script_version(\"2020-01-23T13:07:13+0000\");\n script_cve_id(\"CVE-2014-9620\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:07:13 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:07:13 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for file (EulerOS-SA-2019-2578)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2578\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2578\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for 
the Huawei EulerOS\n 'file' package(s) announced via the EulerOS-SA-2019-2578 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.(CVE-2014-9620)\");\n\n script_tag(name:\"affected\", value:\"'file' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"file\", rpm:\"file~5.11~31.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-libs\", rpm:\"file-libs~5.11~31.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-magic\", rpm:\"python-magic~5.11~31.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:40:20", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for file (EulerOS-SA-2019-2449)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18218", "CVE-2014-9620"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192449", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192449", "sourceData": "# 
Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2449\");\n script_version(\"2020-01-23T12:58:10+0000\");\n script_cve_id(\"CVE-2014-9620\", \"CVE-2019-18218\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:58:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:58:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for file (EulerOS-SA-2019-2449)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2449\");\n script_xref(name:\"URL\", 
value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2449\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'file' package(s) announced via the EulerOS-SA-2019-2449 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).(CVE-2019-18218)\n\nThe ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.(CVE-2014-9620)\");\n\n script_tag(name:\"affected\", value:\"'file' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"file\", rpm:\"file~5.11~31.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-libs\", rpm:\"file-libs~5.11~31.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-magic\", rpm:\"python-magic~5.11~31.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:56", "description": "Multiple security issues have been\nfound in file, a tool/library to determine a 
file type. Processing a malformed\nfile could result in denial of service. Most of the changes are related to\nparsing ELF files.\n\nAs part of the fixes, several limits on aspects of the detection were\nadded or tightened, sometimes resulting in messages like recursion\nlimit exceeded or too many program header sections.\n\nTo mitigate such shortcomings, these limits are controllable by a new\n-P, --parameter option in the file program.", "cvss3": {}, "published": "2015-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3121-1 (file - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8117", "CVE-2014-8116", "CVE-2014-9620"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703121", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703121", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3121.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3121-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703121\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\");\n script_name(\"Debian Security Advisory DSA 3121-1 (file - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-01-08 00:00:00 +0100 (Thu, 08 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3121.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"file on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.11-2+deb7u7.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:5.21+15-1.\n\nWe recommend that you upgrade your file packages.\");\n script_tag(name:\"summary\", value:\"Multiple security issues have been\nfound in file, a tool/library to determine a file type. Processing a malformed\nfile could result in denial of service. 
Most of the changes are related to\nparsing ELF files.\n\nAs part of the fixes, several limits on aspects of the detection were\nadded or tightened, sometimes resulting in messages like recursion\nlimit exceeded or too many program header sections.\n\nTo mitigate such shortcomings, these limits are controllable by a new\n\n - -P, --parameter option in the file program.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"file\", ver:\"5.11-2+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagic-dev\", ver:\"5.11-2+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libmagic1\", ver:\"5.11-2+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-magic\", ver:\"5.11-2+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-magic-dbg\", ver:\"5.11-2+deb7u7\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-24T12:53:26", "description": "Multiple security issues have been\nfound in file, a tool/library to determine a file type. Processing a malformed\nfile could result in denial of service. 
Most of the changes are related to\nparsing ELF files.\n\nAs part of the fixes, several limits on aspects of the detection were\nadded or tightened, sometimes resulting in messages like recursion\nlimit exceeded or too many program header sections.\n\nTo mitigate such shortcomings, these limits are controllable by a new\n- -P, --parameter option in the file program.", "cvss3": {}, "published": "2015-01-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3121-1 (file - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8117", "CVE-2014-8116", "CVE-2014-9620"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703121", "href": "http://plugins.openvas.org/nasl.php?oid=703121", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3121.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3121-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703121);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\");\n script_name(\"Debian Security Advisory DSA 3121-1 (file - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-01-08 00:00:00 +0100 (Thu, 08 Jan 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3121.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"file on Debian Linux\");\n script_tag(name: \"insight\", value: \"File tests each argument in an attempt\nto classify it. There are three sets of tests, performed in this order:\nfilesystem tests, magic number tests, and language tests. 
The first test that\nsucceeds causes the file type to be printed.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthese problems have been fixed in version 5.11-2+deb7u7.\n\nFor the upcoming stable distribution (jessie), these problems will be\nfixed soon.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1:5.21+15-1.\n\nWe recommend that you upgrade your file packages.\");\n script_tag(name: \"summary\", value: \"Multiple security issues have been\nfound in file, a tool/library to determine a file type. Processing a malformed\nfile could result in denial of service. Most of the changes are related to\nparsing ELF files.\n\nAs part of the fixes, several limits on aspects of the detection were\nadded or tightened, sometimes resulting in messages like recursion\nlimit exceeded or too many program header sections.\n\nTo mitigate such shortcomings, these limits are controllable by a new\n- -P, --parameter option in the file program.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"file\", ver:\"5.11-2+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagic-dev\", ver:\"5.11-2+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmagic1\", ver:\"5.11-2+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-magic\", ver:\"5.11-2+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-magic-dbg\", ver:\"5.11-2+deb7u7\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if 
(__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:06", "description": "Gentoo Linux Local Security Checks GLSA 201503-08", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201503-08", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9620", "CVE-2014-9621", "CVE-2014-2270"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121362", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121362", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201503-08.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121362\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:39 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201503-08\");\n script_tag(name:\"insight\", value:\"Multiple issues with the ELF parser used by the file utility have been detected and fixed.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201503-08\");\n script_cve_id(\"CVE-2014-2270\", \"CVE-2014-9620\", \"CVE-2014-9621\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201503-08\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"sys-apps/file\", unaffected: make_list(\"ge 5.22\"), vulnerable: make_list(\"lt 5.22\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n 
security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:58:51", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-497)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8117", "CVE-2014-8116", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120171", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120171\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:19:09 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-497)\");\n script_tag(name:\"insight\", value:\"The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. (CVE-2014-9620 )The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (CVE-2014-8116 )It was reported that a malformed elf file can cause file utility to access invalid memory. (CVE-2014-9653 )The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. (CVE-2014-9621 )softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. 
(CVE-2014-8117 )\");\n script_tag(name:\"solution\", value:\"Run yum update file to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-497.html\");\n script_cve_id(\"CVE-2014-9620\", \"CVE-2014-8116\", \"CVE-2014-9653\", \"CVE-2014-9621\", \"CVE-2014-8117\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"file-debuginfo\", rpm:\"file-debuginfo~5.22~2.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-devel\", rpm:\"file-devel~5.22~2.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-libs\", rpm:\"file-libs~5.22~2.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"file-static\", rpm:\"file-static~5.22~2.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python26-magic\", rpm:\"python26-magic~5.22~2.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python27-magic\", rpm:\"python27-magic~5.22~2.29.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n 
security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for file USN-3686-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8865", "CVE-2018-10360", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843561", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3686_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for file USN-3686-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843561\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-15 05:47:38 +0200 (Fri, 15 Jun 2018)\");\n script_cve_id(\"CVE-2014-9620\", \"CVE-2014-9653\", \"CVE-2015-8865\", \"CVE-2018-10360\",\n \"CVE-2014-9621\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for file USN-3686-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'file'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Alexander Cherepanov discovered that\nfile incorrectly handled a large number of notes. An attacker could use\nthis issue to cause a denial of service. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-9620)\n\nAlexander Cherepanov discovered that file incorrectly handled certain long\nstrings. An attacker could use this issue to cause a denial of service.\nThis issue only affected Ubuntu 14.04 LTS. (CVE-2014-9621)\n\nAlexander Cherepanov discovered that file incorrectly handled certain\nmalformed ELF files. An attacker could use this issue to cause a denial of\nservice, or possibly execute arbitrary code. This issue only affected\nUbuntu 14.04 LTS. 
(CVE-2014-9653)\n\nIt was discovered that file incorrectly handled certain magic files. An\nattacker could use this issue with a specially crafted magic file to cause\na denial of service, or possibly execute arbitrary code. This issue only\naffected Ubuntu 14.04 LTS. (CVE-2015-8865)\n\nIt was discovered that file incorrectly handled certain malformed ELF\nfiles. An attacker could use this issue to cause a denial of service.\n(CVE-2018-10360)\");\n script_tag(name:\"affected\", value:\"file on Ubuntu 18.04 LTS,\n Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3686-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3686-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|18\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"file\", ver:\"1:5.14-2ubuntu3.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagic1\", ver:\"1:5.14-2ubuntu3.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"file\", ver:\"1:5.32-1ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagic1\", 
ver:\"1:5.32-1ubuntu0.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"file\", ver:\"1:5.32-2ubuntu0.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagic1\", ver:\"1:5.32-2ubuntu0.1\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"file\", ver:\"1:5.25-2ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libmagic1\", ver:\"1:5.25-2ubuntu1.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:43", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-02-19T00:00:00", "type": "openvas", "title": "Fedora Update for file FEDORA-2015-2020", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8117", "CVE-2014-8116", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869021", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869021", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for file FEDORA-2015-2020\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by 
the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869021\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-19 05:41:54 +0100 (Thu, 19 Feb 2015)\");\n script_cve_id(\"CVE-2014-9621\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\",\n \"CVE-2014-9653\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for file FEDORA-2015-2020\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'file'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"file on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2020\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150121.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"file\", rpm:\"file~5.22~2.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-05-11T00:00:00", "type": "openvas", "title": "RedHat Update for file RHSA-2016:0760-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8117", "CVE-2014-8116", "CVE-2014-3587", "CVE-2012-1571", "CVE-2014-9620", "CVE-2014-3538", "CVE-2014-3710", "CVE-2014-9653"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871616", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for file RHSA-2016:0760-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871616\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-11 05:23:30 +0200 (Wed, 11 May 2016)\");\n script_cve_id(\"CVE-2014-3538\", \"CVE-2014-3587\", \"CVE-2014-3710\", \"CVE-2014-8116\", \"CVE-2014-8117\", \"CVE-2014-9620\", \"CVE-2014-9653\", \"CVE-2012-1571\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for file RHSA-2016:0760-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'file'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The file command is used to identify a particular file according to the\ntype of data the file contains. It can identify many different file types,\nincluding Executable and Linkable Format (ELF) binary files, system\nlibraries, RPM packages, and different graphics formats.\n\nSecurity Fix(es):\n\n * Multiple flaws were found in the file regular expression rules for\ndetecting various files. A remote attacker could use these flaws to cause\nfile to consume an excessive amount of CPU. (CVE-2014-3538)\n\n * A denial of service flaw was found in the way file parsed certain\nComposite Document Format (CDF) files. 
A remote attacker could use this\nflaw to crash file via a specially crafted CDF file. (CVE-2014-3587)\n\n * Multiple flaws were found in the way file parsed Executable and Linkable\nFormat (ELF) files. A remote attacker could use these flaws to cause file\nto crash, disclose portions of its memory, or consume an excessive amount\nof system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117,\nCVE-2014-9620, CVE-2014-9653)\n\nRed Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting\nCVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by\nJan Kalu\u017ea (Red Hat Web Stack Team) and the CVE-2014-3710 issue was\ndiscovered by Francisco Alonso (Red Hat Product Security).\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8\nTechnical Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"file on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:0760-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-May/msg00020.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"file\", rpm:\"file~5.04~30.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"file-debuginfo\", rpm:\"file-debuginfo~5.04~30.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"file-devel\", rpm:\"file-devel~5.04~30.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"file-libs\", rpm:\"file-libs~5.04~30.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-magic\", rpm:\"python-magic~5.04~30.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-04-26T07:33:19", "description": "The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.", "cvss3": {}, "published": "2015-01-21T18:59:00", "type": "debiancve", "title": "CVE-2014-9620", "bulletinFamily": "info", 
"cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9620"], "modified": "2015-01-21T18:59:00", "id": "DEBIANCVE:CVE-2014-9620", "href": "https://security-tracker.debian.org/tracker/CVE-2014-9620", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated file packages fix security vulnerabilities: Alexander Cherepanov reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption while processing ELF section headers (CVE-2014-9620, CVE-2014-9621). As part of the fixes, several limits on aspects of the detection were added or tightened, sometimes resulting in messages like \"recursion limit exceeded\" or \"too many program header sections\". To mitigate such shortcomings, these limits are controllable by a new -P, \\--parameter option in the file program. 
\n", "cvss3": {}, "published": "2015-01-19T16:47:36", "type": "mageia", "title": "Updated file packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9620", "CVE-2014-9621"], "modified": "2015-01-19T16:47:36", "id": "MGASA-2015-0030", "href": "https://advisories.mageia.org/MGASA-2015-0030.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated php and libgd packages fix security vulnerabilities: Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP before 5.5.21 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2014-9425). sapi/cgi/cgi_main.c in the CGI component in PHP before 5.5.21, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping (CVE-2014-9427). Use after free vulnerability in unserialize() in PHP before 5.5.21 (CVE-2015-0231). Free called on an uninitialized pointer in php-exif in PHP before 5.5.21 (CVE-2015-0232). 
The readelf.c source file has been removed from PHP's bundled copy of file's libmagic, eliminating exposure to denial of service issues in ELF file parsing such as CVE-2014-8116, CVE-2014-8117, CVE-2014-9620 and CVE-2014-9621 in PHP's fileinfo module. A buffer read overflow in gd_gif_in.c in the php#68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package. The php package has been updated to version 5.5.21 to fix these issues and other bugs. Please see the upstream ChangeLog for more information. \n", "cvss3": {}, "published": "2015-01-27T21:08:29", "type": "mageia", "title": "Updated php packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9425", "CVE-2014-9427", "CVE-2014-9620", "CVE-2014-9621", "CVE-2015-0231", "CVE-2015-0232"], "modified": "2015-01-27T21:08:29", "id": "MGASA-2015-0040", "href": "https://advisories.mageia.org/MGASA-2015-0040.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2022-01-17T19:07:05", "description": "### Background\n\nThe file utility attempts to identify a file\u2019s format by scanning binary data for patterns. \n\n### Description\n\nMultiple issues with the ELF parser used by the file utility have been detected and fixed. 
\n\n### Impact\n\nA context-dependent attacker can cause Denial of Service.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll file users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/file-5.22\"", "cvss3": {}, "published": "2015-03-16T00:00:00", "type": "gentoo", "title": "file: Denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2270", "CVE-2014-9620", "CVE-2014-9621"], "modified": "2015-03-16T00:00:00", "id": "GLSA-201503-08", "href": "https://security.gentoo.org/glsa/201503-08", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2021-07-25T19:30:18", "description": "**Issue Overview:**\n\nThe ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. (CVE-2014-9620)\n\nThe ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities. (CVE-2014-8116)\n\nIt was reported that a malformed elf file can cause file utility to access invalid memory. (CVE-2014-9653)\n\nThe ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. 
(CVE-2014-9621)\n\nsoftmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors. (CVE-2014-8117)\n\n \n**Affected Packages:** \n\n\nfile\n\n \n**Issue Correction:** \nRun _yum update file_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 file-debuginfo-5.22-2.29.amzn1.i686 \n \u00a0\u00a0\u00a0 file-devel-5.22-2.29.amzn1.i686 \n \u00a0\u00a0\u00a0 file-libs-5.22-2.29.amzn1.i686 \n \u00a0\u00a0\u00a0 file-static-5.22-2.29.amzn1.i686 \n \u00a0\u00a0\u00a0 file-5.22-2.29.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 python26-magic-5.22-2.29.amzn1.noarch \n \u00a0\u00a0\u00a0 python27-magic-5.22-2.29.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 file-5.22-2.29.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 file-devel-5.22-2.29.amzn1.x86_64 \n \u00a0\u00a0\u00a0 file-debuginfo-5.22-2.29.amzn1.x86_64 \n \u00a0\u00a0\u00a0 file-5.22-2.29.amzn1.x86_64 \n \u00a0\u00a0\u00a0 file-libs-5.22-2.29.amzn1.x86_64 \n \u00a0\u00a0\u00a0 file-static-5.22-2.29.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {}, "published": "2015-03-23T08:32:00", "type": "amazon", "title": "Medium: file", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"], "modified": "2015-03-23T09:02:00", "id": "ALAS-2015-497", "href": "https://alas.aws.amazon.com/ALAS-2015-497.html", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T11:56:28", "description": "Alexander Cherepanov discovered that file incorrectly handled a large \nnumber of notes. An attacker could use this issue to cause a denial of \nservice. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620)\n\nAlexander Cherepanov discovered that file incorrectly handled certain long \nstrings. An attacker could use this issue to cause a denial of service. \nThis issue only affected Ubuntu 14.04 LTS. (CVE-2014-9621)\n\nAlexander Cherepanov discovered that file incorrectly handled certain \nmalformed ELF files. An attacker could use this issue to cause a denial of \nservice, or possibly execute arbitrary code. This issue only affected \nUbuntu 14.04 LTS. (CVE-2014-9653)\n\nIt was discovered that file incorrectly handled certain magic files. An \nattacker could use this issue with a specially crafted magic file to cause \na denial of service, or possibly execute arbitrary code. This issue only \naffected Ubuntu 14.04 LTS. (CVE-2015-8865)\n\nIt was discovered that file incorrectly handled certain malformed ELF \nfiles. An attacker could use this issue to cause a denial of service. 
\n(CVE-2018-10360)\n", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-14T00:00:00", "type": "ubuntu", "title": "file vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9653", "CVE-2014-9621", "CVE-2018-10360", "CVE-2014-9620", "CVE-2015-8865"], "modified": "2018-06-14T00:00:00", "id": "USN-3686-1", "href": "https://ubuntu.com/security/notices/USN-3686-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. 
", "edition": 2, "cvss3": {}, "published": "2015-02-18T05:55:37", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: file-5.22-2.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653"], "modified": "2015-02-18T05:55:37", "id": "FEDORA:12ECA6048D46", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2021-08-11T17:45:49", "description": "# \n\n# Severity\n\nLow\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nAlexander Cherepanov discovered that file incorrectly handled a large number of notes. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9620)\n\nAlexander Cherepanov discovered that file incorrectly handled certain long strings. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9621)\n\nAlexander Cherepanov discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-9653)\n\nIt was discovered that file incorrectly handled certain magic files. An attacker could use this issue with a specially crafted magic file to cause a denial of service, or possibly execute arbitrary code. 
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-8865)\n\nIt was discovered that file incorrectly handled certain malformed ELF files. An attacker could use this issue to cause a denial of service. (CVE-2018-10360)\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.24\n * 3541.x versions prior to 3541.34\n * 3468.x versions prior to 3468.51\n * 3445.x versions prior to 3445.51\n * 3421.x versions prior to 3421.66\n * 3363.x versions prior to 3363.65\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.218.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3586.x versions to 3586.24\n * Upgrade 3541.x versions to 3541.34\n * Upgrade 3468.x versions to 3468.51\n * Upgrade 3445.x versions to 3445.51\n * Upgrade 3421.x versions to 3421.66\n * Upgrade 3363.x versions to 3363.65\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.218.0 or later.\n\n# References\n\n * [USN-3686-1](<https://usn.ubuntu.com/3686-1/>)\n * [CVE-2014-9620](<https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9620>)\n * [CVE-2014-9621](<https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9621>)\n * [CVE-2014-9653](<https://people.canonical.com/~ubuntu-security/cve/CVE-2014-9653>)\n * [CVE-2015-8865](<https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8865>)\n * [CVE-2018-10360](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10360>)\n", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", 
"attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-20T00:00:00", "type": "cloudfoundry", "title": "USN-3686-1: file vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9620", "CVE-2014-9621", "CVE-2014-9653", "CVE-2015-8865", "CVE-2018-10360"], "modified": "2018-06-20T00:00:00", "id": "CFOUNDRY:A58A28BA2BEDC49368B2C44649B60BD8", "href": "https://www.cloudfoundry.org/blog/usn-3686-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-02-24T00:35:41", "description": "## Summary\n\nThere are multiple vulnerabilities in file that is used by IBM Security Network Protection. These vulnerabilities include CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, and CVE-2014-9653.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3538_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538>)** \nDESCRIPTION:** Fine Free file is vulnerable to a denial of service, caused by the failure to properly restrict the amount of data read during a regex search. A remote attacker could exploit this vulnerability using a specially-crafted file to consume all available CPU resources. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94324_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94324>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3587_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an incomplete fix related to the cdf_read_property_info() function. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3710_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an out-of-bounds read in the donote() function. By persuading a victim to open a specially-crafted elf file, a remote attacker could exploit this vulnerability to cause the executable to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98385_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98385>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8116_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the readelf.c file. A remote attacker could exploit this vulnerability to cause a denial of service. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the softmagic.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99419_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99419>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-9620_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620>)** \nDESCRIPTION:** File is vulnerable to a denial of service, caused by an error in the ELF parser. A remote attacker could exploit this vulnerability using an overly long string to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100258_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100258>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-9653_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>)** \nDESCRIPTION:** file could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in readelf.c. By persuading a victim to open a specially-crafted elf file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM Security Network Protection 5.3.1 \nIBM Security Network Protection 5.3.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.10 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM Security Network Protection| Firmware version 5.3.2| Install Firmware 5.3.2.4 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n22 August 2016: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSHLHV\",\"label\":\"IBM Security Network Protection\"},\"Business Unit\":{\"code\":\"BU008\",\"label\":\"Security\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"5.3.1;5.3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {}, "published": "2018-06-16T21:43:49", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in file affect IBM Security Network Protection", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2018-06-16T21:43:49", "id": "045B04E2252E3B851D69AA785CAC9B0BD8A6AF9E04C95FB3C9A6AE0C081B07DB", "href": 
"https://www.ibm.com/support/pages/node/282823", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:41:51", "description": "## Summary\n\nIBM SmartCloud Entry is vulnerable to file vulnerabilities. An attacker could exploit these vulnerabilities to use a specially-crafted file to consume all available CPU resources, cause a denial of service, execute arbitrary code, or cause applications/executables to crash. \nCVE-2014-3538 CVE-2014-3587 CVE-2014-3710 CVE-2014-8116 CVE-2014-8117 CVE-2014-9620 CVE-2014-9653 \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3538_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538>)** \nDESCRIPTION:** Fine Free file is vulnerable to a denial of service, caused by the failure to properly restrict the amount of data read during a regex search. A remote attacker could exploit this vulnerability using a specially-crafted file to consume all available CPU resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94324_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94324>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3587_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an incomplete fix related to the cdf_read_property_info() function. A remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3710_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an out-of-bounds read in the donote() function. By persuading a victim to open a specially-crafted elf file, a remote attacker could exploit this vulnerability to cause the executable to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98385_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98385>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8116_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the readelf.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the softmagic.c file. A remote attacker could exploit this vulnerability to cause a denial of service. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99419_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99419>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-9620_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620>)** \nDESCRIPTION:** File is vulnerable to a denial of service, caused by an error in the ELF parser. A remote attacker could exploit this vulnerability using an overly long string to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100258_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100258>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-9653_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>)** \nDESCRIPTION:** file could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in readelf.c. By persuading a victim to open a specially-crafted elf file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 6 \nIBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 6 \nIBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 6 \nIBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 21 \nIBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 21\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nIBM SmartCloud Entry| 2.2| None| IBM SmartCloud Entry 2.2.0 Appliance fix pack 7: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Starter+Kit+for+Cloud&fixids=2.2.0.4-IBM-SKC_APPL-FP007&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+Starter+Kit+for+Cloud&fixids=2.2.0.4-IBM-SKC_APPL-FP007&source=SAR>) \nIBM SmartCloud Entry| 2.3| None| IBM SmartCloud Entry 2.3.0 Appliance fix pack 7: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.3.0.4-IBM-SCE_APPL-FP007&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.3.0.4-IBM-SCE_APPL-FP007&source=SAR>) \nIBM SmartCloud Entry| 2.4| None| IBM SmartCloud Entry 2.4.0 Appliance fix pack 7: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.4.0.4-IBM-SCE_APPL-FP007&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=2.4.0.4-IBM-SCE_APPL-FP007&source=SAR>) \nIBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance fix pack 22: \n 
\n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP22&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.1.0.4-IBM-SCE_APPL-FP22&source=SAR>) \nIBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance fix pack 22: \n \n[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP22&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP22&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n8 September 2016: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SST55W\",\"label\":\"IBM Cloud Manager with OpenStack\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.3;2.4;3.1;3.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {}, "published": "2020-07-19T00:49:12", "type": "ibm", "title": "Security Bulletin: File vulnerabilities affect IBM SmartClound Entry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2020-07-19T00:49:12", "id": "4ADB4E5C9333BE81F0AE13CD11FC54A35D37B3E631931FE894238620EDC74EB0", "href": 
"https://www.ibm.com/support/pages/node/629561", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:42:21", "description": "## Summary\n\nIBM Security Guardium is affected by Using Components with Known vulnerabilities. IBM Security Guardium has fixed these vulnerabilities\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3584_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3584>)** \nDESCRIPTION:** Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received in the authorization header of a request by the Apache CXF JAX-RS service. By passing malicious values using the SamlHeaderInHandler, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97753_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97753>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3538_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538>)** \nDESCRIPTION:** Fine Free file is vulnerable to a denial of service, caused by the failure to properly restrict the amount of data read during a regex search. A remote attacker could exploit this vulnerability using a specially-crafted file to consume all available CPU resources. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94324_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94324>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2016-9311_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference when trap service has been enabled. 
By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119086_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119086>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9310_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error in the control mode (mode 6) functionality. By sending specially crafted control mode packets, a remote attacker could exploit this vulnerability to obtain sensitive information and cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119087_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119087>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9147_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147>)** \nDESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. By sending a malformed response, a remote attacker could exploit this vulnerability to trigger an assertion failure. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120473_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120473>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8635_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by a small subgroup confinement attack in Diffie Hellman Client key exchange handling. By confining the client DH key to small subgroup of the desired group, a remote attacker could exploit this vulnerability to recover private keys. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7545_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7545>)** \nDESCRIPTION:** Policycoreutils could allow a remote attacker to execute arbitrary commands on the system, caused by a TIOCSTI ioctl attack in the provided sandbox tool. By persuading a victim to run a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary commands on the system. 
\nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119020_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119020>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7433_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the inclusion of the root delay allowing for an incorrect root distance calculation. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119095_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119095>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7429_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7429>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an attack on interface selection. By sending specially crafted packets with spoofed source address, a physical attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119093_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119093>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7426_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the improper handling of invalid server responses. By sending specially crafted packets with spoofed source address, a remote attacker could exploit this vulnerability to cause a denial of service. 
\nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119094_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119094>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7076_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed wordexp() C library function with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119502_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119502>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7032_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7032>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. 
By running an application via sudo executed system() or popen() C library functions with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119500_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119500>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-6313_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313>)** \nDESCRIPTION:** GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. A local attacker could exploit this vulnerability to predict the next 160 bits of output. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116169_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116169>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6306_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by missing message length checks when parsing certificates. A remote authenticated attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117112_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117112>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-6304_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks in t1_lib.c during session renegotiation. By sending an overly large OCSP Status Request extension, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117110_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117110>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6302_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function. A remote attacker could exploit this vulnerability using a ticket that is too short to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5699_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699>)** \nDESCRIPTION:** urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. 
By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114200_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114200>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-5424_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424>)** \nDESCRIPTION:** PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the improper handling of database and role names containing newlines, carriage returns, double quotes, or backslashes. By running certain maintenance programs, an attacker could grant the user superuser privileges. \nCVSS Base Score: 8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116075_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116075>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-5408_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5408>)** \nDESCRIPTION:** SQUID is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the munge_other_line function in the cachemgr.cgi. By sending specially crafted data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116203_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116203>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-5285_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime when handling invalid Diffie-Hellman keys. A remote attacker could exploit this vulnerability to crash a TLS/SSL server. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119189_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119189>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2834_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. 
\nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2182_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds write in the TS_OBJ_print_bio function in crypto/bn/bn_print.c. A remote attacker could exploit this vulnerability using a specially crafted value to cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116342_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116342>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2181_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation. By sending a specially crafted sequence number, a remote attacker could exploit this vulnerability to cause valid packets to be dropped. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116344_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116344>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2180_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could exploit this vulnerability using a specially crafted time-stamp file to cause the application to crash. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115829_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115829>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2179_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116343_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116343>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2178_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. An attacker could exploit this vulnerability using a cache-timing attack to recover the private DSA key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1248_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248>)** \nDESCRIPTION:** Vim could allow a local attacker to execute arbitrary code on the system, caused by the improper validation of the ''filetype'', ''syntax'' and ''keymap'' options. 
By using a specially-crafted file with a malicious modeline, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119191_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119191>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0787_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0787>)** \nDESCRIPTION:** libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amount of random bits for Diffie-Hellman. An attacker could exploit this vulnerability using the truncated Diffie-Hellman secret to launch further attacks on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0772_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772>)** \nDESCRIPTION:** Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by the Python's smtplib library if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with man-in-the-middle ability could exploit this vulnerability to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114287_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114287>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0718_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718>)** \nDESCRIPTION:** Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the Expat library, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-7940_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940>)** \nDESCRIPTION:** Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-2575_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component has partial confidentiality impact, partial integrity impact, and no availability impact. 
\nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102348_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102348>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0254_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0254>)** \nDESCRIPTION:** Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101550_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101550>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9653_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>)** \nDESCRIPTION:** file could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in readelf.c. By persuading a victim to open a specially-crafted elf file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9620_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620>)** \nDESCRIPTION:** File is vulnerable to a denial of service, caused by an error in the ELF parser. A remote attacker could exploit this vulnerability using an overly long string to cause a denial of service. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100258_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100258>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the softmagic.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99419_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99419>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8116_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the readelf.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3710_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an out-of-bounds read in the donote() function. By persuading a victim to open a specially-crafted elf file, a remote attacker could exploit this vulnerability to cause the executable to crash. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98385_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98385>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3587_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an incomplete fix related to the cdf_read_property_info() function. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium| 10x| [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p230_GPU_Jun-2017-V10.1.3&includeSupersedes=0&source=fc_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p230_GPU_Jun-2017-V10.1.3&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator 
v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n08/17/2017: Original publish date\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSMPHH\",\"label\":\"IBM Security Guardium\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"10.0;10.0.1;10.1;10.1.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-16T22:02:01", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by Using Components with Known vulnerabilities (multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3584", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653", "CVE-2015-0254", "CVE-2015-2575", "CVE-2015-7940", "CVE-2016-0718", "CVE-2016-0772", "CVE-2016-0787", "CVE-2016-1248", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2834", "CVE-2016-5285", "CVE-2016-5408", 
"CVE-2016-5424", "CVE-2016-5699", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6313", "CVE-2016-7032", "CVE-2016-7076", "CVE-2016-7117", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-7545", "CVE-2016-8635", "CVE-2016-9147", "CVE-2016-9310", "CVE-2016-9311"], "modified": "2018-06-16T22:02:01", "id": "A9C254F86614D2334E5A1624EEBD7497A5FA74BEC3159FA2530927B6C4A89585", "href": "https://www.ibm.com/support/pages/node/566897", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:40:47", "description": "## Summary\n\nIBM Security Guardium is affected by Using Components with Known Vulnerabilities. IBM Security Guardium has fixed these vulnerabilities \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3584_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3584>)** \nDESCRIPTION:** Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received in the authorization header of a request by the Apache CXF JAX-RS service. By passing malicious values using the SamlHeaderInHandler, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97753_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97753>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3538_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538>)** \nDESCRIPTION:** Fine Free file is vulnerable to a denial of service, caused by the failure to properly restrict the amount of data read during a regex search. A remote attacker could exploit this vulnerability using a specially-crafted file to consume all available CPU resources. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94324_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94324>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2016-9311_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9311>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by a NULL pointer dereference when trap service has been enabled. By sending specially crafted packets, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119086_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119086>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9310_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9310>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an error in the control mode (mode 6) functionality. By sending specially crafted control mode packets, a remote attacker could exploit this vulnerability to obtain sensitive information and cause the application to crash. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119087_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119087>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)\n\n**CVEID:** [_CVE-2016-9147_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147>)** \nDESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by the improper handling of responses containing DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response. 
By sending a malformed response, a remote attacker could exploit this vulnerability to trigger an assertion failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/120473_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/120473>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-8635_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by a small subgroup confinement attack in Diffie Hellman Client key exchange handling. By confining the client DH key to small subgroup of the desired group, a remote attacker could exploit this vulnerability to recover private keys. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-7545_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7545>)** \nDESCRIPTION:** Policycoreutils could allow a remote attacker to execute arbitrary commands on the system, caused by a TIOCSTI ioctl attack in the provided sandbox tool. By persuading a victim to run a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary commands on the system. 
\nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119020_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119020>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7433_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7433>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the inclusion of the root delay allowing for an incorrect root distance calculation. An attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119095_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119095>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7429_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7429>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by an attack on interface selection. By sending specially crafted packets with spoofed source address, a physical attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119093_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119093>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7426_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7426>)** \nDESCRIPTION:** NTP is vulnerable to a denial of service, caused by the improper handling of invalid server responses. By sending specially crafted packets with spoofed source address, a remote attacker could exploit this vulnerability to cause a denial of service. 
\nCVSS Base Score: 1.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119094_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119094>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-7117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-7076_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7076>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. By running an application via sudo executed wordexp() C library function with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119502_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119502>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-7032_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7032>)** \nDESCRIPTION:** Sudo could allow a local authenticated attacker to execute arbitrary commands on the system, caused by the bypass of the sudo noexec restriction. 
By running an application via sudo executed system() or popen() C library functions with a user supplied argument, an attacker could exploit this vulnerability to execute arbitrary commands with elevated privileges. \nCVSS Base Score: 6.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119500_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119500>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-6313_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313>)** \nDESCRIPTION:** GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. A local attacker could exploit this vulnerability to predict the next 160 bits of output. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116169_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116169>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6306_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6306>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by missing message length checks when parsing certificates. A remote authenticated attacker could exploit this vulnerability to trigger an out-of-bounds read and cause a denial of service. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117112_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117112>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-6304_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6304>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks in t1_lib.c during session renegotiation. By sending an overly large OCSP Status Request extension, a remote attacker could exploit this vulnerability to consume all available memory resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117110_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117110>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6302_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6302>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function. A remote attacker could exploit this vulnerability using a ticket that is too short to cause a denial of service. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117024_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117024>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-5699_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5699>)** \nDESCRIPTION:** urllib2 and urllib for Python are vulnerable to HTTP header injection, caused by improper validation of input. 
By persuading a victim to visit a specially-crafted Web page, a remote attacker could exploit this vulnerability to inject arbitrary HTTP headers, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114200_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114200>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-5424_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5424>)** \nDESCRIPTION:** PostgreSQL could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the improper handling of database and role names containing newlines, carriage returns, double quotes, or backslashes. By running certain maintenance programs, an attacker could grant the user superuser privileges. \nCVSS Base Score: 8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116075_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116075>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-5408_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5408>)** \nDESCRIPTION:** SQUID is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the munge_other_line function in the cachemgr.cgi. By sending specially crafted data, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116203_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116203>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-5285_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, is vulnerable to a denial of service, caused by a NULL pointer dereference in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime when handling invalid Diffie-Hellman keys. A remote attacker could exploit this vulnerability to crash a TLS/SSL server. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119189_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119189>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2834_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834>)** \nDESCRIPTION:** Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service. 
\nCVSS Base Score: 8.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2182_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2182>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds write in the TS_OBJ_print_bio function in crypto/bn/bn_print.c. A remote attacker could exploit this vulnerability using a specially crafted value to cause the application to crash. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116342_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116342>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2181_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2181>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an error in the DTLS replay protection implementation. By sending a specially crafted sequence number, a remote attacker could exploit this vulnerability to cause valid packets to be dropped. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116344_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116344>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2180_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2180>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read in the TS_OBJ_print_bio function. A remote attacker could exploit this vulnerability using a specially crafted time-stamp file to cause the application to crash. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115829_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115829>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2179_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2179>)** \nDESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted DTLS record fragments to fill up buffer queues, a remote attacker could exploit this vulnerability to open a large number of simultaneous connections and consume all available memory resources. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116343_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116343>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-2178_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2178>)** \nDESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the DSA implementation that allows the following of a non-constant time codepath for certain operations. An attacker could exploit this vulnerability using a cache-timing attack to recover the private DSA key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-1248_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1248>)** \nDESCRIPTION:** Vim could allow a local attacker to execute arbitrary code on the system, caused by the improper validation of the ''filetype'', ''syntax'' and ''keymap'' options. 
By using a specially-crafted file with a malicious modeline, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119191_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119191>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-0787_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0787>)** \nDESCRIPTION:** libssh2 could provide weaker than expected security, caused by a type confusion error during the SSHv2 handshake resulting in the generation of a reduced amount of random bits for Diffie-Hellman. An attacker could exploit this vulnerability using the truncated Diffie-Hellman secret to launch further attacks on the system. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111562_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111562>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0772_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0772>)** \nDESCRIPTION:** Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by the Python's smtplib library if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with man-in-the-middle ability could exploit this vulnerability to strip out the STARTTLS command without generating an exception on the python SMTP client application and prevent the establishment of the TLS layer. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114287_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114287>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [_CVE-2016-0718_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718>)** \nDESCRIPTION:** Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By using the Expat library, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the victim or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-7940_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940>)** \nDESCRIPTION:** Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid curve attack to extract private keys used in elliptic curve cryptography and obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107739_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107739>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-2575_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2575>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle MySQL Connectors related to the Connector/J component has partial confidentiality impact, partial integrity impact, and no availability impact. 
\nCVSS Base Score: 4.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102348_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102348>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0254_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0254>)** \nDESCRIPTION:** Apache Standard Taglibs could allow a remote attacker to execute arbitrary code on the system, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101550_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101550>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9653_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>)** \nDESCRIPTION:** file could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in readelf.c. By persuading a victim to open a specially-crafted elf file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100749_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100749>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n**CVEID:** [_CVE-2014-9620_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620>)** \nDESCRIPTION:** File is vulnerable to a denial of service, caused by an error in the ELF parser. A remote attacker could exploit this vulnerability using an overly long string to cause a denial of service. 
\nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100258_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100258>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8117_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8117>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the softmagic.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99419_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99419>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-8116_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8116>)** \nDESCRIPTION:** file(1) is vulnerable to a denial of service, caused by an error in the readelf.c file. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99418_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99418>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3710_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3710>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an out-of-bounds read in the donote() function. By persuading a victim to open a specially-crafted elf file, a remote attacker could exploit this vulnerability to cause the executable to crash. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/98385_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/98385>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3587_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587>)** \nDESCRIPTION:** PHP is vulnerable to a denial of service, caused by an incomplete fix related to the cdf_read_property_info() function. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95408_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95408>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Security Guardium V10.0, 10.0.1, 10.1, 10.1.2, 10.1.3\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium| 10.0-10.1.3| [www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes=0&source=fc](<www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p400_GPU_Dec-2017-V10.1.4&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator 
v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n12/19/17: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSMPHH\",\"label\":\"IBM Security Guardium\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"10.0;10.0.1;10.1;10.1.2;10.1.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-06-16T22:03:01", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3584", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653", "CVE-2015-0254", "CVE-2015-2575", "CVE-2015-7940", "CVE-2016-0718", "CVE-2016-0772", "CVE-2016-0787", "CVE-2016-1248", "CVE-2016-2178", "CVE-2016-2179", "CVE-2016-2180", "CVE-2016-2181", "CVE-2016-2182", "CVE-2016-2834", "CVE-2016-5285", "CVE-2016-5408", "CVE-2016-5424", 
"CVE-2016-5699", "CVE-2016-6302", "CVE-2016-6304", "CVE-2016-6306", "CVE-2016-6313", "CVE-2016-7032", "CVE-2016-7076", "CVE-2016-7117", "CVE-2016-7426", "CVE-2016-7429", "CVE-2016-7433", "CVE-2016-7545", "CVE-2016-8635", "CVE-2016-9147", "CVE-2016-9310", "CVE-2016-9311"], "modified": "2018-06-16T22:03:01", "id": "233226C0332001C81596C237819F64BB35F4B49297346F216B4DC90C72D26485", "href": "https://www.ibm.com/support/pages/node/297165", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T18:39:26", "description": "The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538)\n\n* A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587)\n\n* Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)\n\nRed Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. 
The CVE-2014-3538 issue was discovered by Jan Kalu\u017ea (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security).\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.", "cvss3": {}, "published": "2016-05-10T06:42:18", "type": "redhat", "title": "(RHSA-2016:0760) Moderate: file security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2018-06-06T16:24:22", "id": "RHSA-2016:0760", "href": "https://access.redhat.com/errata/RHSA-2016:0760", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T16:06:30", "description": "**CentOS Errata and Security Advisory** CESA-2016:0760\n\n\nThe file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.\n\nSecurity Fix(es):\n\n* Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. 
(CVE-2014-3538)\n\n* A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587)\n\n* Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)\n\nRed Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kalu\u017ea (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security).\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-May/015695.html\n\n**Affected packages:**\nfile\nfile-devel\nfile-libs\nfile-static\npython-magic\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:0760", "cvss3": {}, "published": "2016-05-16T10:13:44", "type": "centos", "title": "file, python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", 
"CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2016-05-16T10:13:44", "id": "CESA-2016:0760", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2016-May/015695.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-06-04T20:20:39", "description": "[5.04-30]\n- fix CVE-2014-3538 (unrestricted regular expression matching)\n[5.04-29]\n- fix #1284826 - try to read ELF header to detect corrupted one\n[5.04-28]\n- fix #1263987 - fix bugs found by coverity in the patch\n[5.04-27]\n- fix CVE-2014-3587 (incomplete fix for CVE-2012-1571)\n- fix CVE-2014-3710 (out-of-bounds read in elf note headers)\n- fix CVE-2014-8116 (multiple DoS issues (resource consumption))\n- fix CVE-2014-8117 (denial of service issue (resource consumption))\n- fix CVE-2014-9620 (limit the number of ELF notes processed)\n- fix CVE-2014-9653 (malformed elf file causes access to uninitialized memory)\n[5.04-26]\n- fix #809898 - add support for detection of Python 2.7 byte-compiled files\n[5.04-25]\n- fix #1263987 - fix coredump execfn detection on ppc64 and s390\n[5.04-24]\n- fix #966953 - include msooxml file in magic.mgc generation\n[5.04-23]\n- fix #966953 - increate the strength of MSOOXML magic patterns\n[5.04-22]\n- fix #1169509 - add support for Java 1.7 and 1.8\n- fix #1243650 - comment out too-sensitive Pascal magic\n- fix #1080453 - remove .orig files from magic directory\n- fix #1161058 - add support for EPUB\n- fix #1162149 - remove parts of patches patching .orig files\n- fix #1154802 - fix detection of zip files containing file named 'mime'\n- fix #1246073 - fix detection UTF8 and UTF16 encoded XML files\n- fix #1263987 - add new 'execfn' to coredump output to show the real name of\n executable which generated the coredump\n- fix #809898 - add support for detection of Python 3.2-3.5 byte-compiled files\n- fix #966953 - backport support for MSOOXML", "cvss3": {}, "published": 
"2016-05-12T00:00:00", "type": "oraclelinux", "title": "file security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2012-1571", "CVE-2014-3538", "CVE-2014-3587", "CVE-2014-3710", "CVE-2014-8116", "CVE-2014-8117", "CVE-2014-9620", "CVE-2014-9653"], "modified": "2016-05-12T00:00:00", "id": "ELSA-2016-0760", "href": "http://linux.oracle.com/errata/ELSA-2016-0760.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}