Lucene search
This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.OPENSUSE-2017-67.NASLHistoryJan 10, 2017 - 12:00 a.m.
openSUSE Security Update : irssi (openSUSE-2017-67)
2017-01-1000:00:00
This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.
www.tenable.com
11
irssi was updated to fix four vulnerabilities that could result in denial of service (remote crash) when connecting to malicious servers or receiving specially crafted data. (boo#1018357)
-
CVE-2017-5193: NULL pointer dereference in the nickcmp function
-
CVE-2017-5194: out of bounds read in certain incomplete control codes
-
CVE-2017-5195: out of bounds read in certain incomplete character sequences
-
CVE-2017-5196: Correct an error when receiving invalid nick message
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-67.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(96385);
script_version("3.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2017-5193", "CVE-2017-5194", "CVE-2017-5195", "CVE-2017-5196");
script_name(english:"openSUSE Security Update : irssi (openSUSE-2017-67)");
script_summary(english:"Check for the openSUSE-2017-67 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"irssi was updated to fix four vulnerabilities that could result in
denial of service (remote crash) when connecting to malicious servers
or receiving specially crafted data. (boo#1018357)
- CVE-2017-5193: NULL pointer dereference in the nickcmp
function
- CVE-2017-5194: out of bounds read in certain incomplete
control codes
- CVE-2017-5195: out of bounds read in certain incomplete
character sequences
- CVE-2017-5196: Correct an error when receiving invalid
nick message"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1018357"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected irssi packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:irssi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:irssi-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:irssi-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:irssi-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"patch_publication_date", value:"2017/01/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/10");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2|SUSE42\.1|SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1 / 42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.2", reference:"irssi-0.8.21-3.7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"irssi-debuginfo-0.8.21-3.7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"irssi-debugsource-0.8.21-3.7.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"irssi-devel-0.8.21-3.7.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"irssi-0.8.21-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"irssi-debuginfo-0.8.21-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"irssi-debugsource-0.8.21-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"irssi-devel-0.8.21-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"irssi-0.8.21-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"irssi-debuginfo-0.8.21-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"irssi-debugsource-0.8.21-9.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"irssi-devel-0.8.21-9.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irssi / irssi-debuginfo / irssi-debugsource / irssi-devel");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | irssi | p-cpe:/a:novell:opensuse:irssi |
| novell | opensuse | irssi-debuginfo | p-cpe:/a:novell:opensuse:irssi-debuginfo |
| novell | opensuse | irssi-debugsource | p-cpe:/a:novell:opensuse:irssi-debugsource |
| novell | opensuse | irssi-devel | p-cpe:/a:novell:opensuse:irssi-devel |
| novell | opensuse | 13.2 | cpe:/o:novell:opensuse:13.2 |
| novell | opensuse | 42.1 | cpe:/o:novell:opensuse:42.1 |
| novell | opensuse | 42.2 | cpe:/o:novell:opensuse:42.2 |
Related
nessus
nessus
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : irssi (SSA:2017-011-03)
2017-01-12 00:00:00
GLSA-201701-45 : irssi: Multiple vulnerabilities
2017-01-20 00:00:00
Fedora 24 : irssi (2017-d2e7217e2a)
2017-01-31 00:00:00
slackware
slackware
[slackware-security] irssi
2017-01-12 01:21:01
archlinux
archlinux
[ASA-201701-14] irssi: multiple issues
2017-01-11 00:00:00
gentoo
gentoo
irssi: Multiple vulnerabilities
2017-01-19 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2017-011-03)
2022-04-21 00:00:00
Fedora Update for irssi FEDORA-2017-d2e7217e2a
2017-02-03 00:00:00
Fedora Update for irssi FEDORA-2017-7f9e997585
2017-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: irssi-0.8.21-1.fc24
2017-01-30 22:18:31
[SECURITY] Fedora 25 Update: irssi-0.8.21-1.fc25
2017-01-30 21:51:17
freebsd
freebsd
Irssi -- multiple vulnerabilities
2017-01-03 00:00:00
mageia
mageia
Updated irssi packages fix security vulnerabilities
2017-01-15 00:05:17
ubuntu
ubuntu
Irssi vulnerabilities
2017-02-01 00:00:00
alpinelinux
alpinelinux
prion
prion
Null pointer dereference
2017-03-03 15:59:00
Design/Logic Flaw
2017-03-03 15:59:00
Out-of-bounds
2017-03-03 15:59:00
osv
osv
cvelist
cvelist
debiancve
debiancve
redhatcve
redhatcve
cve
cve
ubuntucve
ubuntucve
debian
debian
[SECURITY] [DLA 1217-1] irssi security update
2017-12-23 13:17:24
Related for OPENSUSE-2017-67.NASL