squashfs-tools: Multiple Vulnerabilities. Remote host affected by squashfs-tools 4.5 vulnerabilities
Reporter | Title | Published | Views | Family All 154 |
---|---|---|---|---|
![]() | Debian DLA-2789-1 : squashfs-tools - LTS security update | 21 Oct 202100:00 | – | nessus |
![]() | EulerOS Virtualization 3.0.6.6 : squashfs-tools (EulerOS-SA-2022-1147) | 12 Feb 202200:00 | – | nessus |
![]() | Oracle Linux 8 : squashfs-tools (ELSA-2024-3139) | 28 May 202400:00 | – | nessus |
![]() | Ubuntu 16.04 ESM : Squashfs-Tools vulnerabilities (USN-5078-2) | 15 Sep 202100:00 | – | nessus |
![]() | EulerOS 2.0 SP3 : squashfs-tools (EulerOS-SA-2022-1189) | 23 Feb 202200:00 | – | nessus |
![]() | Photon OS 3.0: Squashfs PHSA-2022-3.0-0375 | 24 Jul 202400:00 | – | nessus |
![]() | EulerOS Virtualization 2.10.0 : squashfs-tools (EulerOS-SA-2022-1414) | 18 Apr 202200:00 | – | nessus |
![]() | EulerOS 2.0 SP10 : squashfs-tools (EulerOS-SA-2022-1216) | 25 Feb 202200:00 | – | nessus |
![]() | CentOS 8 : squashfs-tools (CESA-2024:3139) | 22 May 202400:00 | – | nessus |
![]() | EulerOS 2.0 SP8 : squashfs-tools (EulerOS-SA-2021-2814) | 25 Dec 202100:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202305-29.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('compat.inc');
if (description)
{
script_id(176469);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/30");
script_cve_id("CVE-2021-40153", "CVE-2021-41072");
script_name(english:"GLSA-202305-29 : squashfs-tools: Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"");
script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202305-29 (squashfs-tools: Multiple Vulnerabilities)
- squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is
then used by unsquashfs to create the new file during the unsquash. The filename is not validated for
traversal outside of the destination directory, and thus allows writing to locations outside of the
destination. (CVE-2021-40153)
- squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different
vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link
and then contents under the same filename in a filesystem can cause unsquashfs to first create the
symbolic link pointing outside the expected directory, and then the subsequent write operation will cause
the unsquashfs process to write through the symbolic link elsewhere in the filesystem. (CVE-2021-41072)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202305-29");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=810706");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=813654");
script_set_attribute(attribute:"solution", value:
"All squashfs-tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose >=sys-fs/squashfs-tools-4.5_p20210914");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41072");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/27");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:squashfs-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gentoo Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include('qpkg.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var flag = 0;
var packages = [
{
'name' : 'sys-fs/squashfs-tools',
'unaffected' : make_list("ge 4.5_p20210914"),
'vulnerable' : make_list("lt 4.5_p20210914")
}
];
foreach var package( packages ) {
if (isnull(package['unaffected'])) package['unaffected'] = make_list();
if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : qpkg_report_get()
);
exit(0);
}
else
{
qpkg_tests = list_uniq(qpkg_tests);
var tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'squashfs-tools');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo