Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2023-00C130636A.NASLHistoryNov 09, 2023 - 12:00 a.m.
Fedora 39 : libnbd (2023-00c130636a)
2023-11-0900:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
fedora 39
libnbd
vulnerability
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.0%
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-00c130636a advisory.
- A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service. (CVE-2023-5871)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-00c130636a
#
include('compat.inc');
if (description)
{
script_id(185400);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/29");
script_cve_id("CVE-2023-5871");
script_xref(name:"FEDORA", value:"2023-00c130636a");
script_name(english:"Fedora 39 : libnbd (2023-00c130636a)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the
FEDORA-2023-00c130636a advisory.
- A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block
Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial
of Service. (CVE-2023-5871)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-00c130636a");
script_set_attribute(attribute:"solution", value:
"Update the affected libnbd package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-5871");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/31");
script_set_attribute(attribute:"patch_publication_date", value:"2023/10/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:39");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libnbd");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^39([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 39', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var pkgs = [
{'reference':'libnbd-1.18.1-2.fc39', 'release':'FC39', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libnbd');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | libnbd | p-cpe:/a:fedoraproject:fedora:libnbd |
| fedoraproject | fedora | 39 | cpe:/o:fedoraproject:fedora:39 |
Related
openvas
openvas
Fedora: Security Advisory for libnbd (FEDORA-2023-00c130636a)
2023-11-09 00:00:00
openSUSE: Security Advisory for libnbd (SUSE-SU-2023:4463-1)
2024-03-04 00:00:00
redhatcve
redhatcve
CVE-2023-5871
2023-11-01 01:42:58
nessus
nessus
openSUSE 15 Security Update : libnbd (SUSE-SU-2023:4463-1)
2023-11-17 00:00:00
RHEL 9 : libnbd (RHSA-2024:2204)
2024-04-30 00:00:00
Oracle Linux 9 : libnbd (ELSA-2024-2204)
2024-05-06 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: libnbd-1.18.1-2.fc39
2023-11-09 01:22:30
ubuntucve
ubuntucve
CVE-2023-5871
2023-11-27 00:00:00
cve
cve
CVE-2023-5871
2023-11-27 12:15:07
veracode
veracode
Denial Of Service
2023-11-09 09:15:13
debiancve
debiancve
CVE-2023-5871
2023-11-27 12:15:07
prion
prion
Hardcoded credentials
2023-11-27 12:15:00
cvelist
cvelist
CVE-2023-5871 Libnbd: malicious nbd server may crash libnbd
2023-11-27 11:58:44
nvd
nvd
CVE-2023-5871
2023-11-27 12:15:07
oraclelinux
oraclelinux
libnbd security update
2024-05-02 00:00:00
redhat
redhat
(RHSA-2024:2204) Moderate: libnbd security update
2024-04-30 06:15:02
osv
osv
Moderate: libnbd security update
2024-04-30 00:00:00
almalinux
almalinux
Moderate: libnbd security update
2024-04-30 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.0%
Related for FEDORA_2023-00C130636A.NASL