Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

GLSA-201812-08 : Scala: Privilege escalation

🗓️ 17 Dec 2018 00:00:00Reported by This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.Type 
nessus
 nessus🔗 www.tenable.com👁 21 Views

The remote Gentoo host is missing one or more security-related patches. Scala: Privilege escalation vulnerability

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OSV		CVE-2017-15288
15 Nov 201716:29
osv
OSV		High severity vulnerability that affects org.scala-lang:scala-compiler
19 Oct 201816:51
osv
RedhatCVE		CVE-2017-15288
23 Nov 201715:19
redhatcve
0day.today		Scala 2.x Privilege Escalation Vulnerability
15 Nov 201700:00
zdt
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products
7 Sep 202306:42
ibm
Prion		Design/Logic Flaw
15 Nov 201716:29
prion
Cvelist		CVE-2017-15288
15 Nov 201716:00
cvelist
Gentoo Linux		Scala: Privilege escalation
15 Dec 201800:00
gentoo
Veracode		Arbitrary Code Execution
15 Nov 201707:13
veracode
Debian CVE		CVE-2017-15288
15 Nov 201716:29
debiancve
Rows per page
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201812-08.
#
# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('compat.inc');

if (description)
{
  script_id(119704);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/15");

  script_cve_id("CVE-2017-15288");
  script_xref(name:"GLSA", value:"201812-08");

  script_name(english:"GLSA-201812-08 : Scala: Privilege escalation");

  script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-201812-08
(Scala: Privilege escalation)

    It was discovered that Scala’s compilation daemon does not properly
      manage permissions for private files.
  
Impact :

    A local attacker could escalate privileges.
  
Workaround :

    There is no known workaround at this time.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/201812-08");
  script_set_attribute(attribute:"solution", value:
"All Scala users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=dev-lang/scala-2.12.4'");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15288");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:scala");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"dev-lang/scala", unaffected:make_list("ge 2.12.4"), vulnerable:make_list("lt 2.12.4"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Scala");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Dec 2018 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS27.2
CVSS37.8
EPSS0.0004
gentooscalaprivilege escalationcve-2017-15288security advisory
21
.json
Report