Lucene search

K
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.MANDRIVA_MDVSA-2015-116.NASL
HistoryMar 30, 2015 - 12:00 a.m.

Mandriva Linux Security Advisory : libtasn1 (MDVSA-2015:116)

2015-03-3000:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
8

Updated libtasn1 packages fix security vulnerabilities :

Multiple buffer boundary check issues were discovered in libtasn1 library, causing it to read beyond the boundary of an allocated buffer. An untrusted ASN.1 input could cause an application using the library to crash (CVE-2014-3467).

It was discovered that libtasn1 library function asn1_get_bit_der() could incorrectly report negative bit length of the value read from ASN.1 input. This could possibly lead to an out of bounds access in an application using libtasn1, for example in case if application tried to terminate read value with NUL byte (CVE-2014-3468).

A NULL pointer dereference flaw was found in libtasn1’s asn1_read_value_type() / asn1_read_value() function. If an application called the function with a NULL value for an ivalue argument to determine the amount of memory needed to store data to be read from the ASN.1 input, libtasn1 could incorrectly attempt to dereference the NULL pointer, causing an application using the library to crash (CVE-2014-3469).

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2015:116. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82369);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-3467", "CVE-2014-3468", "CVE-2014-3469");
  script_xref(name:"MDVSA", value:"2015:116");

  script_name(english:"Mandriva Linux Security Advisory : libtasn1 (MDVSA-2015:116)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated libtasn1 packages fix security vulnerabilities :

Multiple buffer boundary check issues were discovered in libtasn1
library, causing it to read beyond the boundary of an allocated
buffer. An untrusted ASN.1 input could cause an application using the
library to crash (CVE-2014-3467).

It was discovered that libtasn1 library function asn1_get_bit_der()
could incorrectly report negative bit length of the value read from
ASN.1 input. This could possibly lead to an out of bounds access in an
application using libtasn1, for example in case if application tried
to terminate read value with NUL byte (CVE-2014-3468).

A NULL pointer dereference flaw was found in libtasn1's
asn1_read_value_type() / asn1_read_value() function. If an application
called the function with a NULL value for an ivalue argument to
determine the amount of memory needed to store data to be read from
the ASN.1 input, libtasn1 could incorrectly attempt to dereference the
NULL pointer, causing an application using the library to crash
(CVE-2014-3469)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2014-0247.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected lib64tasn1-devel, lib64tasn1_6 and / or
libtasn1-tools packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tasn1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64tasn1_6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libtasn1-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64tasn1-devel-3.6-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64tasn1_6-3.6-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"libtasn1-tools-3.6-1.mbs2")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Related for MANDRIVA_MDVSA-2015-116.NASL