Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2021-0060_LIBSOLV.NASL
HistoryMar 10, 2021 - 12:00 a.m.

NewStart CGSL MAIN 6.02 : libsolv Vulnerability (NS-SA-2021-0060)

2021-03-1000:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

The remote NewStart CGSL host, running version MAIN 6.02, has libsolv packages installed that are affected by a vulnerability:

  • repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. (CVE-2019-20387)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2021-0060. The text
# itself is copyright (C) ZTE, Inc.
##

include('compat.inc');

if (description)
{
  script_id(147383);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/11");

  script_cve_id("CVE-2019-20387");

  script_name(english:"NewStart CGSL MAIN 6.02 : libsolv Vulnerability (NS-SA-2021-0060)");

  script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.02, has libsolv packages installed that are affected by a
vulnerability:

  - repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last
    schema whose length is less than the length of the input schema. (CVE-2019-20387)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2021-0060");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL libsolv packages. Note that updated packages may not be available yet. Please contact ZTE
for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-20387");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');

if (release !~ "CGSL MAIN 6.02")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');

if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);

flag = 0;

pkgs = {
  'CGSL MAIN 6.02': [
    'libsolv-0.7.11-1.el8',
    'libsolv-debuginfo-0.7.11-1.el8',
    'libsolv-debugsource-0.7.11-1.el8',
    'libsolv-demo-0.7.11-1.el8',
    'libsolv-demo-debuginfo-0.7.11-1.el8',
    'libsolv-devel-0.7.11-1.el8',
    'libsolv-tools-0.7.11-1.el8',
    'libsolv-tools-debuginfo-0.7.11-1.el8',
    'perl-solv-0.7.11-1.el8',
    'perl-solv-debuginfo-0.7.11-1.el8',
    'python3-solv-0.7.11-1.el8',
    'python3-solv-debuginfo-0.7.11-1.el8',
    'ruby-solv-0.7.11-1.el8',
    'ruby-solv-debuginfo-0.7.11-1.el8'
  ]
};
pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsolv');
}

Related

nessus 8
photon 6
ubuntucve 1
veracode 1
debiancve 1
mageia 1
debian 1
osv 2
almalinux 1
redhatcve 1
prion 1
oraclelinux 1
openvas 1
redhat 12
cve 1
rosalinux 1
ibm 2
nessus
nessus
CentOS 8 : libsolv (CESA-2020:4508)
2021-02-01 00:00:00
Oracle Linux 8 : libsolv (ELSA-2020-4508)
2020-11-12 00:00:00
Debian DLA-2088-1 : libsolv security update
2020-01-31 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0273
2020-02-08 00:00:00
Important Photon OS Security Update - PHSA-2020-0273
2020-02-08 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0205
2020-02-08 00:00:00
ubuntucve
ubuntucve
CVE-2019-20387
2020-01-21 00:00:00
veracode
veracode
Buffer Over-read
2020-01-22 13:43:07
debiancve
debiancve
CVE-2019-20387
2020-01-21 23:15:00
mageia
mageia
Updated libsolv packages fix security vulnerability
2020-03-06 19:13:58
debian
debian
[SECURITY] [DLA 2088-1] libsolv security update
2020-01-30 18:03:13
osv
osv
libsolv - security update
2020-01-30 00:00:00
CVE-2019-20387
2020-01-21 23:15:13
almalinux
almalinux
Moderate: libsolv security, bug fix, and enhancement update
2020-11-03 12:11:02
redhatcve
redhatcve
CVE-2019-20387
2020-01-31 20:39:08
prion
prion
Heap overflow
2020-01-21 23:15:00
oraclelinux
oraclelinux
libsolv security, bug fix, and enhancement update
2020-11-10 00:00:00
openvas
openvas
Debian LTS: Security Advisory for libsolv (DLA-2088-1)
2020-01-31 00:00:00
redhat
redhat
(RHSA-2020:4508) Moderate: libsolv security, bug fix, and enhancement update
2020-11-03 12:11:02
(RHSA-2021:0146) Moderate: Release of OpenShift Serverless 1.12.0
2021-01-14 13:24:22
(RHSA-2021:2021) Moderate: Release of OpenShift Serverless 1.10.2 security update
2021-05-19 02:03:59
cve
cve
CVE-2019-20387
2020-01-21 23:15:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1891
2021-07-02 17:16:49
ibm
ibm
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
2021-12-03 18:52:37
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
JSON
Related for NEWSTART_CGSL_NS-SA-2021-0060_LIBSOLV.NASL
nessus8photon6ubuntucve1veracode1debiancve1mageia1debian1osv2almalinux1redhatcve1prion1oraclelinux1openvas1redhat12cve1rosalinux1ibm2