Lucene search
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2021-0147_LIBVPX.NASLHistoryOct 27, 2021 - 12:00 a.m.
NewStart CGSL CORE 5.05 / MAIN 5.05 : libvpx Multiple Vulnerabilities (NS-SA-2021-0147)
2021-10-2700:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libvpx packages installed that are affected by multiple vulnerabilities:
-
A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808. (CVE-2017-0393)
-
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)
-
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)
-
In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 (CVE-2020-0034)
Note that Nessus has not tested for this issue but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2021-0147. The text
# itself is copyright (C) ZTE, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(154441);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/10/27");
script_cve_id(
"CVE-2017-0393",
"CVE-2019-9232",
"CVE-2019-9433",
"CVE-2020-0034"
);
script_name(english:"NewStart CGSL CORE 5.05 / MAIN 5.05 : libvpx Multiple Vulnerabilities (NS-SA-2021-0147)");
script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libvpx packages installed that are affected by
multiple vulnerabilities:
- A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a
specially crafted file to cause a device hang or reboot. This issue is rated as High due to the
possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
7.1. Android ID: A-30436808. (CVE-2017-0393)
- In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote
information disclosure with no additional execution privileges needed. User interaction is not needed for
exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 (CVE-2019-9232)
- In libvpx, there is a possible information disclosure due to improper input validation. This could lead to
remote information disclosure with no additional execution privileges needed. User interaction is needed
for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 (CVE-2019-9433)
- In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input
validation. This could lead to remote information disclosure if error correction were turned on, with no
additional execution privileges needed. User interaction is not needed for exploitation.Product:
AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770 (CVE-2020-0034)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2021-0147");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2017-0393");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2019-9232");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2019-9433");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-0034");
script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL libvpx packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0034");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/03");
script_set_attribute(attribute:"patch_publication_date", value:"2021/09/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:libvpx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:libvpx-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:libvpx-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:libvpx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:libvpx-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:libvpx-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_core:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:5");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"NewStart CGSL Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');
if (release !~ "CGSL CORE 5.05" &&
release !~ "CGSL MAIN 5.05")
audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');
if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);
var flag = 0;
var pkgs = {
'CGSL CORE 5.05': [
'libvpx-1.3.0-8.el7',
'libvpx-devel-1.3.0-8.el7',
'libvpx-utils-1.3.0-8.el7'
],
'CGSL MAIN 5.05': [
'libvpx-1.3.0-8.el7',
'libvpx-devel-1.3.0-8.el7',
'libvpx-utils-1.3.0-8.el7'
]
};
var pkg_list = pkgs[release];
foreach (pkg in pkg_list)
if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libvpx');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zte | cgsl_core | libvpx | p-cpe:/a:zte:cgsl_core:libvpx |
| zte | cgsl_core | libvpx-devel | p-cpe:/a:zte:cgsl_core:libvpx-devel |
| zte | cgsl_core | libvpx-utils | p-cpe:/a:zte:cgsl_core:libvpx-utils |
| zte | cgsl_main | libvpx | p-cpe:/a:zte:cgsl_main:libvpx |
| zte | cgsl_main | libvpx-devel | p-cpe:/a:zte:cgsl_main:libvpx-devel |
| zte | cgsl_main | libvpx-utils | p-cpe:/a:zte:cgsl_main:libvpx-utils |
| zte | cgsl_core | 5 | cpe:/o:zte:cgsl_core:5 |
| zte | cgsl_main | 5 | cpe:/o:zte:cgsl_main:5 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0034
security.gd-linux.com/info/CVE-2017-0393
security.gd-linux.com/info/CVE-2019-9232
security.gd-linux.com/info/CVE-2019-9433
security.gd-linux.com/info/CVE-2020-0034
security.gd-linux.com/notice/NS-SA-2021-0147
Related
nessus
nessus
RHEL 7 : libvpx (RHSA-2020:3876)
2020-09-29 00:00:00
Oracle Linux 7 : libvpx (ELSA-2020-3876)
2020-10-07 00:00:00
CentOS 7 : libvpx (CESA-2020:3876)
2020-10-20 00:00:00
amazon
amazon
Medium: libvpx
2020-11-09 17:10:00
centos
centos
libvpx security update
2020-10-20 18:26:54
redhat
redhat
(RHSA-2020:3876) Moderate: libvpx security update
2020-09-29 07:39:42
(RHSA-2020:4629) Moderate: libvpx security update
2020-11-03 12:21:50
oraclelinux
oraclelinux
libvpx security update
2020-10-06 00:00:00
libvpx security update
2020-11-10 00:00:00
osv
osv
libvpx - security update
2019-11-26 00:00:00
libvpx - security update
2019-11-28 00:00:00
Moderate: libvpx security update
2020-11-03 12:21:50
openvas
openvas
Debian: Security Advisory (DLA-2012-1)
2019-11-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0459-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for libvpx (EulerOS-SA-2021-1322)
2021-02-22 00:00:00
debian
debian
[SECURITY] [DLA 2012-1] libvpx security update
2019-11-26 22:31:42
[SECURITY] [DSA 4578-1] libvpx security update
2019-11-28 19:47:56
[SECURITY] [DLA 2136-1] libvpx security update
2020-03-09 18:34:24
ubuntu
ubuntu
libvpx vulnerabilities
2020-07-15 00:00:00
libvpx vulnerabilities
2019-11-25 00:00:00
libvpx vulnerability
2022-09-26 00:00:00
gentoo
gentoo
libvpx: User-assisted execution of arbitrary code
2020-03-26 00:00:00
rocky
rocky
libvpx security update
2020-11-03 12:21:50
almalinux
almalinux
Moderate: libvpx security update
2020-11-03 12:21:50
prion
prion
Out-of-bounds
2019-09-27 19:15:00
Information disclosure
2019-09-27 19:15:00
Denial of service
2017-01-12 20:59:00
ubuntucve
ubuntucve
debiancve
debiancve
suse
suse
Security update for libvpx (important)
2020-01-26 00:00:00
Security update for libvpx (moderate)
2020-05-23 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: libvpx-1.8.2-1.fc31
2020-01-13 02:21:23
[SECURITY] Fedora 30 Update: libvpx-1.8.2-1.fc30
2020-01-24 18:51:39
cve
cve
alpinelinux
alpinelinux
veracode
veracode
Out Of Bounds Read (OOB)
2020-02-26 06:37:35
Information Disclosure
2020-01-16 05:52:55
Information Disclosure
2020-03-12 08:25:22
redhatcve
redhatcve
cloudfoundry
cloudfoundry
USN-4199-1: libvpx vulnerabilities | Cloud Foundry
2019-12-05 00:00:00
threatpost
threatpost
MediaTek Bug Actively Exploited, Affects Millions of Android Devices
2020-03-03 19:02:22
ibm
ibm
androidsecurity
androidsecurity
Android Security BulletinβJanuary 2017
2017-01-03 00:00:00
Android 10 Security Release Notes
2019-08-20 00:00:00
Related for NEWSTART_CGSL_NS-SA-2021-0147_LIBVPX.NASL