Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2016-715.NASL
HistoryJun 15, 2016 - 12:00 a.m.

openSUSE Security Update : nodejs (openSUSE-2016-715)

2016-06-1500:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

This update for nodejs to version 4.4.5 fixes the several issues.

These security issues introduced by the bundled openssl were fixed by going to version 1.0.2h :

  • CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider memory allocation during a certain padding check, which allowed remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session (bsc#977616).

  • CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL allowed remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data (bsc#977614).

  • CVE-2016-0705: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL allowed remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key (bsc#968047).

  • CVE-2016-0797: Multiple integer overflows in OpenSSL allowed remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c (bsc#968048).

  • CVE-2016-0702: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL did not properly consider cache-bank access times during modular exponentiation, which made it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a ‘CacheBleed’ attack (bsc#968050).

These non-security issues were fixed :

  • Fix faulty ‘if’ condition (string cannot equal a boolean).

  • buffer: Buffer no longer errors if you call lastIndexOf with a search term longer than the buffer.

  • contextify: Context objects are now properly garbage collected, this solves a problem some individuals were experiencing with extreme memory growth.

  • Update npm to 2.15.5.

  • http: Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999.

    • deps: Fix --gdbjit for embedders. Backported from v8 upstream.

    • querystring: Restore throw when attempting to stringify bad surrogate pair.

  • https: Under certain conditions SSL sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case.

    • lib: The way that we were internally passing arguments was causing a potential leak. By copying the arguments into an array we can avoid this.

    • repl: Previously if you were using the repl in strict mode the column number would be wrong in a stack trace.
      This is no longer an issue.

    • deps: An update to v8 that introduces a new flag
      –perf_basic_prof_only_functions.

  • http: A new feature in http(s) agent that catches errors on keep alived connections.

    • src: Better support for big-endian systems.

    • tls: A new feature that allows you to pass common SSL options to tls.createSecurePair.

    • build: Support python path that includes spaces.

  • https: A potential fix for #3692 (HTTP/HTTPS client requests throwing EPROTO).

    • installer: More readable profiling information from isolate tick logs.

    • process: Add support for symbols in event emitters (symbols didn’t exist when it was written).

    • querystring: querystring.parse() is now 13-22% faster!

    • streams: Performance improvements for moving small buffers that shows a 5% throughput gain. IoT projects have been seen to be as much as 10% faster with this change!

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-715.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91618);
  script_version("2.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-0702", "CVE-2016-0705", "CVE-2016-0797", "CVE-2016-2105", "CVE-2016-2107");

  script_name(english:"openSUSE Security Update : nodejs (openSUSE-2016-715)");
  script_summary(english:"Check for the openSUSE-2016-715 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for nodejs to version 4.4.5 fixes the several issues.

These security issues introduced by the bundled openssl were fixed by
going to version 1.0.2h :

  - CVE-2016-2107: The AES-NI implementation in OpenSSL did
    not consider memory allocation during a certain padding
    check, which allowed remote attackers to obtain
    sensitive cleartext information via a padding-oracle
    attack against an AES CBC session (bsc#977616).

  - CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate
    function in crypto/evp/encode.c in OpenSSL allowed
    remote attackers to cause a denial of service (heap
    memory corruption) via a large amount of binary data
    (bsc#977614).

  - CVE-2016-0705: Double free vulnerability in the
    dsa_priv_decode function in crypto/dsa/dsa_ameth.c in
    OpenSSL allowed remote attackers to cause a denial of
    service (memory corruption) or possibly have unspecified
    other impact via a malformed DSA private key
    (bsc#968047).

  - CVE-2016-0797: Multiple integer overflows in OpenSSL
    allowed remote attackers to cause a denial of service
    (heap memory corruption or NULL pointer dereference) or
    possibly have unspecified other impact via a long digit
    string that is mishandled by the (1) BN_dec2bn or (2)
    BN_hex2bn function, related to crypto/bn/bn.h and
    crypto/bn/bn_print.c (bsc#968048).

  - CVE-2016-0702: The MOD_EXP_CTIME_COPY_FROM_PREBUF
    function in crypto/bn/bn_exp.c in OpenSSL did not
    properly consider cache-bank access times during modular
    exponentiation, which made it easier for local users to
    discover RSA keys by running a crafted application on
    the same Intel Sandy Bridge CPU core as a victim and
    leveraging cache-bank conflicts, aka a 'CacheBleed'
    attack (bsc#968050).

These non-security issues were fixed :

  - Fix faulty 'if' condition (string cannot equal a
    boolean).

  - buffer: Buffer no longer errors if you call lastIndexOf
    with a search term longer than the buffer.

  - contextify: Context objects are now properly garbage
    collected, this solves a problem some individuals were
    experiencing with extreme memory growth.

  - Update npm to 2.15.5.

- http: Invalid status codes can no longer be sent. Limited to 3 digit numbers between 100 - 999.

  - deps: Fix --gdbjit for embedders. Backported from v8
    upstream.

  - querystring: Restore throw when attempting to stringify
    bad surrogate pair.

- https: Under certain conditions SSL sockets may have been causing a memory leak when keepalive is enabled. This is no longer the case.

  - lib: The way that we were internally passing arguments
    was causing a potential leak. By copying the arguments
    into an array we can avoid this.

  - repl: Previously if you were using the repl in strict
    mode the column number would be wrong in a stack trace.
    This is no longer an issue.

  - deps: An update to v8 that introduces a new flag
    --perf_basic_prof_only_functions.

- http: A new feature in http(s) agent that catches errors on keep alived connections.

  - src: Better support for big-endian systems.

  - tls: A new feature that allows you to pass common SSL
    options to tls.createSecurePair.

  - build: Support python path that includes spaces.

- https: A potential fix for #3692
  (HTTP/HTTPS client requests throwing EPROTO).

  - installer: More readable profiling information from
    isolate tick logs.

  - process: Add support for symbols in event emitters
    (symbols didn't exist when it was written).

  - querystring: querystring.parse() is now 13-22% faster!

  - streams: Performance improvements for moving small
    buffers that shows a 5% throughput gain. IoT projects
    have been seen to be as much as 10% faster with this
    change!"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968047"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968048"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=968050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=977614"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=977616"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected nodejs packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:npm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"nodejs-4.4.5-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"nodejs-debuginfo-4.4.5-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"nodejs-debugsource-4.4.5-18.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"nodejs-devel-4.4.5-18.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"nodejs-4.4.5-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"nodejs-debuginfo-4.4.5-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"nodejs-debugsource-4.4.5-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"nodejs-devel-4.4.5-27.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"npm-4.4.5-27.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs / nodejs-debuginfo / nodejs-debugsource / nodejs-devel / npm");
}
VendorProductVersionCPE
novellopensusenodejsp-cpe:/a:novell:opensuse:nodejs
novellopensusenodejs-debuginfop-cpe:/a:novell:opensuse:nodejs-debuginfo
novellopensusenodejs-debugsourcep-cpe:/a:novell:opensuse:nodejs-debugsource
novellopensusenodejs-develp-cpe:/a:novell:opensuse:nodejs-devel
novellopensusenpmp-cpe:/a:novell:opensuse:npm
novellopensuse13.2cpe:/o:novell:opensuse:13.2
novellopensuse42.1cpe:/o:novell:opensuse:42.1

Related

openvas 38
suse 13
nessus 41
freebsd 2
ibm 62
redhat 2
oraclelinux 4
cloudfoundry 2
centos 1
ubuntu 2
fedora 7
aix 1
nodejsblog 1
mageia 2
slackware 1
altlinux 9
archlinux 2
debian 1
amazon 2
osv 1
freebsd_advisory 2
gentoo 1
paloalto 1
arista 1
openvas
openvas
openSUSE: Security Advisory for nodejs (openSUSE-SU-2016:1566-1)
2016-06-15 00:00:00
RedHat Update for openssl RHSA-2016:0301-01
2016-03-02 00:00:00
Oracle: Security Advisory (ELSA-2016-0301)
2016-03-02 00:00:00
suse
suse
Security update for nodejs (important)
2016-06-14 11:08:26
Security update for openssl (important)
2016-03-02 12:11:42
Security update for openssl (important)
2016-05-04 18:09:44
nessus
nessus
FreeBSD : node -- multiple vulnerabilities (6d33b3e5-ea03-11e5-85be-14dae9d210b8)
2016-03-15 00:00:00
OracleVM 3.3 : openssl (OVMSA-2016-0031)
2016-03-02 00:00:00
Oracle Linux 6 / 7 : openssl (ELSA-2016-0301) (DROWN)
2016-03-02 00:00:00
freebsd
freebsd
node -- multiple vulnerabilities
2016-03-02 00:00:00
FreeBSD -- Multiple OpenSSL vulnerabilities
2016-03-10 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Guardium
2018-06-16 21:43:48
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application
2018-12-08 04:55:34
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Clie
2018-12-08 04:55:34
redhat
redhat
(RHSA-2016:0379) Important: rhev-hypervisor security, bug fix and enhancement update
2016-03-09 00:00:00
(RHSA-2016:0301) Important: openssl security update
2016-03-01 00:00:00
oraclelinux
oraclelinux
openssl security update
2016-03-01 00:00:00
openssl security update
2016-05-09 00:00:00
openssl security update
2016-05-12 00:00:00
cloudfoundry
cloudfoundry
USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry
2016-03-24 00:00:00
USN-2959-1 OpenSSL vulnerabilities | Cloud Foundry
2016-05-06 00:00:00
centos
centos
openssl security update
2016-03-01 16:09:29
ubuntu
ubuntu
OpenSSL vulnerabilities
2016-03-01 00:00:00
OpenSSL vulnerabilities
2016-05-03 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: openssl-1.0.1k-14.fc22
2016-03-13 09:57:52
[SECURITY] Fedora 23 Update: openssl-1.0.2g-2.fc23
2016-03-03 20:27:06
[SECURITY] Fedora 23 Update: mingw-openssl-1.0.2h-1.fc23
2016-05-21 00:02:56
aix
aix
Multiple vulnerabilities in OpenSSL affect AIX
2016-04-04 11:04:25
nodejsblog
nodejsblog
OpenSSL updates, 1.0.2g and 1.0.1s
2016-02-29 00:00:00
mageia
mageia
Updated openssl packages fix security vulnerabilities
2016-03-02 21:28:46
Updated openssl packages fix security vulnerability
2016-05-08 00:22:48
slackware
slackware
[slackware-security] openssl
2016-03-03 06:56:40
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2g-alt1
2016-03-01 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.2g-alt1
2016-03-01 00:00:00
Security fix for the ALT Linux 7 package openssl10 version 1.0.1s-alt0.M70P.1
2016-03-02 00:00:00
archlinux
archlinux
openssl: multiple issues
2016-03-07 00:00:00
lib32-openssl: multiple issues
2016-03-07 00:00:00
debian
debian
[SECURITY] [DSA 3500-1] openssl security update
2016-03-01 14:34:35
amazon
amazon
Important: openssl
2016-03-10 16:30:00
Important: openssl
2016-05-03 10:30:00
osv
osv
openssl - security update
2016-03-01 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:12.openssl
2016-03-10 00:00:00
FreeBSD-SA-16:17.openssl
2016-05-04 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2016-03-20 00:00:00
paloalto
paloalto
OpenSSL Vulnerabilities
2016-09-02 00:00:00
arista
arista
Security Advisory 0018
2016-03-01 00:00:00
JSON
Related for OPENSUSE-2016-715.NASL
openvas38suse13nessus41freebsd2ibm62redhat2oraclelinux4cloudfoundry2centos1ubuntu2fedora7aix1nodejsblog1mageia2slackware1altlinux9archlinux2debian1amazon2osv1freebsd_advisory2gentoo1paloalto1arista1