Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2017-A253644369.NASL
HistoryDec 11, 2017 - 12:00 a.m.

Fedora 26 : linux-firmware (2017-a253644369)

2017-12-1100:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
81
JSON

  • Updated bcm 4339 4354 4356 4358 firmware, new bcm 43430

    • Fixes CVE-2016-0801 CVE-2017-0561 CVE-2017-9417

  • Updated Intel GPU, amdgpu, iwlwifi, mvebu wifi, liquidio, QCom a530 & Venus, mlxsw, qed

  • Add iwlwifi 9000 series

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-a253644369.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(105133);
  script_version("3.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2016-0801", "CVE-2017-0561", "CVE-2017-9417");
  script_xref(name:"FEDORA", value:"2017-a253644369");

  script_name(english:"Fedora 26 : linux-firmware (2017-a253644369)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - Updated bcm 4339 4354 4356 4358 firmware, new bcm 43430

  - Fixes CVE-2016-0801 CVE-2017-0561 CVE-2017-9417

----

  - Updated Intel GPU, amdgpu, iwlwifi, mvebu wifi,
    liquidio, QCom a530 & Venus, mlxsw, qed

  - Add iwlwifi 9000 series

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-a253644369"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected linux-firmware package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:linux-firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC26", reference:"linux-firmware-20171126-80.git17e62881.fc26")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-firmware");
}
VendorProductVersionCPE
fedoraprojectfedoralinux-firmwarep-cpe:/a:fedoraproject:fedora:linux-firmware
fedoraprojectfedora26cpe:/o:fedoraproject:fedora:26

Related

openvas 9
nessus 10
fedora 2
mageia 1
osv 1
debian 1
apple 22
debiancve 3
prion 3
cve 3
chrome 2
huawei 1
mscve 1
zdt 3
android 3
exploitpack 1
packetstorm 1
ubuntucve 2
seebug 2
exploitdb 1
threatpost 4
thn 3
androidsecurity 3
kaspersky 1
mskb 1
talosblog 1
trendmicroblog 1
openvas
openvas
Fedora Update for linux-firmware FEDORA-2017-355ac8a91a
2017-12-10 00:00:00
Fedora Update for linux-firmware FEDORA-2017-a253644369
2017-12-10 00:00:00
Huawei EulerOS: Security Advisory for linux-firmware (EulerOS-SA-2020-1997)
2020-09-29 00:00:00
nessus
nessus
Fedora 27 : linux-firmware (2017-355ac8a91a)
2018-01-15 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : linux-firmware (EulerOS-SA-2020-1997)
2020-09-29 00:00:00
Debian DLA-1573-1 : firmware-nonfree security update (KRACK)
2018-11-13 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: linux-firmware-20171126-80.git17e62881.fc26
2017-12-09 22:29:28
[SECURITY] Fedora 27 Update: linux-firmware-20171126-80.git17e62881.fc27
2017-12-10 05:11:11
mageia
mageia
Updated nonfree firmwares fixes security issues and adds new hw support
2017-12-28 16:16:56
osv
osv
firmware-nonfree - security update
2018-11-10 00:00:00
debian
debian
[SECURITY] [DLA 1573-1] firmware-nonfree security update
2018-11-13 01:33:10
apple
apple
About the security content of Wi-Fi Update for Boot Camp 6.1
2017-07-19 00:00:00
About the security content of Wi-Fi Update for Boot Camp 6.1 - Apple Support
2017-07-21 10:20:15
About the security content of Apple TV Software 7.3 - Apple Support
2019-05-13 05:23:03
debiancve
debiancve
CVE-2017-9417
2017-06-04 21:29:00
CVE-2016-0801
2016-02-07 01:59:00
CVE-2017-0561
2017-04-07 22:59:00
prion
prion
Design/Logic Flaw
2017-06-04 21:29:00
Memory corruption
2016-02-07 01:59:00
Remote code execution
2017-04-07 22:59:00
cve
cve
CVE-2017-9417
2017-06-04 21:29:00
CVE-2016-0801
2016-02-07 01:59:00
CVE-2017-0561
2017-04-07 22:59:00
chrome
chrome
Stable Channel Update for Chrome OS
2017-08-02 00:00:00
Stable Channel Update for Chrome OS
2017-05-02 00:00:00
huawei
huawei
Security Advisory - BroadPwn Remote Code Execute Vulnerability
2017-07-27 00:00:00
mscve
mscve
Broadcom BCM43xx Remote Code Execution Vulnerability
2017-09-12 07:00:00
zdt
zdt
Broadcom BCM43xx Wi-Fi - BroadPWN Denial of Service Exploit
2018-03-09 00:00:00
Broadcom Wi-Fi SoC - TDLS Teardown Request Remote Heap Overflow Exploit
2017-04-05 00:00:00
Broadcom Wi-Fi SoC - Heap Overflow in wlc_tdls_cal_mic_chk Due to Large RSN IE in TDLS Setup Confirm
2017-04-05 00:00:00
android
android
CVE-2017-9417
2017-07-01 00:00:00
CVE-2016-0801
2016-02-01 00:00:00
CVE-2017-0561
2017-04-01 00:00:00
exploitpack
exploitpack
Google Android Broadcom Wi-Fi Driver - Memory Corruption
2016-05-11 00:00:00
packetstorm
packetstorm
Android Broadcom Wi-Fi Driver Memory Corruption
2016-05-11 00:00:00
ubuntucve
ubuntucve
CVE-2016-0801
2016-02-07 00:00:00
CVE-2017-0561
2017-04-07 00:00:00
seebug
seebug
Broadcom: Heap overflow in "wlc_tdls_cal_mic_chk" due to large RSN IE in TDLS Setup Confirm frame (CVE-2017-0561)
2017-04-05 00:00:00
Broadcom: Heap overflow in TDLS Teardown Request while handling Fast Transition IE (CVE-2017-0561)
2017-04-05 00:00:00
exploitdb
exploitdb
Google Android Broadcom Wi-Fi Driver - Memory Corruption
2016-05-11 00:00:00
threatpost
threatpost
Google Patches Critical 'Broadpwn' Bug in July Security Update
2017-07-06 12:30:16
February 2016 Android Nexus Security Bulletin
2016-02-01 14:00:38
Apple Patches 'BroadPwn' Bug in iOS 10.3.3
2017-07-20 14:08:46
thn
thn
Millions of Android Devices Using Broadcom Wi-Fi Chip Can Be Hacked Remotely
2017-07-06 20:29:00
Immediately Patch Windows 0-Day Flaw That's Being Used to Spread Spyware
2017-09-13 00:09:00
Google Patches Critical Remotely-exploitable Flaws in Latest Android Update
2016-02-01 20:26:00
androidsecurity
androidsecurity
Nexus Security Bulletin - February 2016
2016-02-01 00:00:00
Android Security Bulletinโ€”April 2017
2017-04-03 00:00:00
Android Security Bulletinโ€”July 2017
2017-07-05 00:00:00
kaspersky
kaspersky
KLA11099 Multiple vulnerabilities in Microsoft Windows
2017-09-12 00:00:00
mskb
mskb
September 12, 2017โ€”KB4038782 (OS Build 14393.1715)
2017-09-12 07:00:00
talosblog
talosblog
Microsoft Patch Tuesday - September 2017
2017-09-12 15:41:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage โ€“ Week of September 11, 2017
2017-09-15 14:59:53
JSON
Related for FEDORA_2017-A253644369.NASL
openvas9nessus10fedora2mageia1osv1debian1apple22debiancve3prion3cve3chrome2huawei1mscve1zdt3android3exploitpack1packetstorm1ubuntucve2seebug2exploitdb1threatpost4thn3androidsecurity3kaspersky1mskb1talosblog1trendmicroblog1