Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-202406-01.NASL
HistoryJun 22, 2024 - 12:00 a.m.

GLSA-202406-01 : GLib: Privilege Escalation

2024-06-2200:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
glib
privilege escalation
gentoo
scanner

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

JSON

The remote host is affected by the vulnerability described in GLSA-202406-01 (GLib: Privilege Escalation)

A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for     details.

Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202406-01.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('compat.inc');

if (description)
{
  script_id(200861);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/22");

  script_cve_id("CVE-2024-34397");

  script_name(english:"GLSA-202406-01 : GLib: Privilege Escalation");

  script_set_attribute(attribute:"synopsis", value:
"");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202406-01 (GLib: Privilege Escalation)

    A vulnerability has been discovered in GLib. Please review the CVE identifier referenced below for
    details.

Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202406-01");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=931507");
  script_set_attribute(attribute:"solution", value:
"All GLib users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose >=dev-libs/glib-2.78.6");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-34397");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:glib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}
include('qpkg.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var flag = 0;

var packages = [
  {
    'name' : 'dev-libs/glib',
    'unaffected' : make_list("ge 2.78.6"),
    'vulnerable' : make_list("lt 2.78.6")
  }
];

foreach var package( packages ) {
  if (isnull(package['unaffected'])) package['unaffected'] = make_list();
  if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
  if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : qpkg_report_get()
  );
  exit(0);
}
else
{
  qpkg_tests = list_uniq(qpkg_tests);
  var tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'GLib');
}
VendorProductVersionCPE
gentoolinuxcpe:/o:gentoo:linux
gentoolinuxglibp-cpe:/a:gentoo:linux:glib

Related

openvas 12
fedora 6
nessus 14
ubuntu 1
debiancve 1
osv 4
debian 2
cve 1
redhatcve 1
vulnrichment 1
cvelist 1
gentoo 1
cloudfoundry 1
alpinelinux 1
redos 1
nvd 1
ubuntucve 1
photon 2
hp 1
openvas
openvas
Ubuntu: Security Advisory (USN-6768-1)
2024-05-10 00:00:00
Fedora: Security Advisory for glib2 (FEDORA-2024-635a54eb7e)
2024-05-27 00:00:00
openSUSE: Security Advisory for glib2 (SUSE-SU-2024:1950-1)
2024-06-12 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: mingw-glib2-2.78.5-1.fc39
2024-05-16 01:09:41
[SECURITY] Fedora 39 Update: gnome-shell-45.6-2.fc39
2024-05-14 03:28:46
[SECURITY] Fedora 40 Update: glib2-2.80.2-1.fc40
2024-05-12 04:18:59
nessus
nessus
Debian dla-3814 : libglib2.0-0 - security update
2024-05-14 00:00:00
Fedora 40 : mingw-glib2 (2024-2ce1c754f7)
2024-05-16 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : GLib vulnerability (USN-6768-1)
2024-05-09 00:00:00
ubuntu
ubuntu
GLib vulnerability
2024-05-09 00:00:00
debiancve
debiancve
CVE-2024-34397
2024-05-07 18:15:08
osv
osv
CVE-2024-34397
2024-05-07 18:15:08
glib2.0 - security update
2024-05-07 00:00:00
glib2.0 vulnerability
2024-05-09 13:13:10
debian
debian
[SECURITY] [DLA 3814-1] glib2.0 security update
2024-05-13 21:26:32
[SECURITY] [DSA 5682-1] glib2.0 security update
2024-05-07 19:53:30
cve
cve
CVE-2024-34397
2024-05-07 18:15:08
redhatcve
redhatcve
CVE-2024-34397
2024-05-07 20:27:56
vulnrichment
vulnrichment
CVE-2024-34397
2024-05-07 00:00:00
cvelist
cvelist
CVE-2024-34397
2024-05-07 00:00:00
gentoo
gentoo
GLib: Privilege Escalation
2024-06-22 00:00:00
cloudfoundry
cloudfoundry
USN-6768-1: GLib vulnerability | Cloud Foundry
2024-05-30 00:00:00
alpinelinux
alpinelinux
CVE-2024-34397
2024-05-07 18:15:08
redos
redos
ROS-20240606-02
2024-06-06 00:00:00
nvd
nvd
CVE-2024-34397
2024-05-07 18:15:08
ubuntucve
ubuntucve
CVE-2024-34397
2024-05-07 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0628
2024-06-11 00:00:00
Important Photon OS Security Update - PHSA-2024-5.0-0291
2024-06-12 00:00:00
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

JSON
Related for GENTOO_GLSA-202406-01.NASL
openvas12fedora6nessus14ubuntu1debiancve1osv4debian2cve1redhatcve1vulnrichment1cvelist1gentoo1cloudfoundry1alpinelinux1redos1nvd1ubuntucve1photon2hp1