Lucene search

K
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-217.NASL
HistoryMar 02, 2018 - 12:00 a.m.

openSUSE Security Update : freexl (openSUSE-2018-217)

2018-03-0200:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.7%

This update for freexl fixes the following issues :

freexl was updated to version 1.0.5 :

  • No changelog provided by upstream

  • Various heapoverflows in 1.0.4 have been fixed :

  • CVE-2018-7439: heap-buffer-overflow in freexl.c:3912 read_mini_biff_next_record (boo#1082774)

  • CVE-2018-7438: heap-buffer-overflow in freexl.c:383 parse_unicode_string (boo#1082775)

  • CVE-2018-7437: heap-buffer-overflow in freexl.c:1866 parse_SST(boo#1082776)

  • CVE-2018-7436: heap-buffer-overflow in freexl.c:1805 parse_SST parse_SST (boo#1082777)

  • CVE-2018-7435: heap-buffer-overflow in freexl::destroy_cell (boo#1082778)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-217.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(107113);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2018-7435", "CVE-2018-7436", "CVE-2018-7437", "CVE-2018-7438", "CVE-2018-7439");

  script_name(english:"openSUSE Security Update : freexl (openSUSE-2018-217)");
  script_summary(english:"Check for the openSUSE-2018-217 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for freexl fixes the following issues :

freexl was updated to version 1.0.5 :

  - No changelog provided by upstream

  - Various heapoverflows in 1.0.4 have been fixed :

  - CVE-2018-7439: heap-buffer-overflow in freexl.c:3912
    read_mini_biff_next_record (boo#1082774)

  - CVE-2018-7438: heap-buffer-overflow in freexl.c:383
    parse_unicode_string (boo#1082775)

  - CVE-2018-7437: heap-buffer-overflow in freexl.c:1866
    parse_SST(boo#1082776)

  - CVE-2018-7436: heap-buffer-overflow in freexl.c:1805
    parse_SST parse_SST (boo#1082777)

  - CVE-2018-7435: heap-buffer-overflow in
    freexl::destroy_cell (boo#1082778)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082774"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082775"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082776"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082777"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082778"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected freexl packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freexl-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:freexl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreexl1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfreexl1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/03/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"freexl-debugsource-1.0.5-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"freexl-devel-1.0.5-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libfreexl1-1.0.5-8.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"libfreexl1-debuginfo-1.0.5-8.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "freexl-debugsource / freexl-devel / libfreexl1 / etc");
}
VendorProductVersionCPE
novellopensusefreexl-debugsourcep-cpe:/a:novell:opensuse:freexl-debugsource
novellopensusefreexl-develp-cpe:/a:novell:opensuse:freexl-devel
novellopensuselibfreexl1p-cpe:/a:novell:opensuse:libfreexl1
novellopensuselibfreexl1-debuginfop-cpe:/a:novell:opensuse:libfreexl1-debuginfo
novellopensuse42.3cpe:/o:novell:opensuse:42.3

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.7%