Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2018-865.NASL
HistoryAug 15, 2018 - 12:00 a.m.

openSUSE Security Update : lxc (openSUSE-2018-865)

2018-08-1500:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

Low

EPSS

0.001

Percentile

33.6%

JSON

This update for lxc fixes the following issues :

The following security vulnerability was fixed :

  • CVE-2018-6556: Fixed an information leak and possible open() side effects to regular users via lxc-user-nic (boo#988348)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-865.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(111739);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/21");

  script_cve_id("CVE-2018-6556");

  script_name(english:"openSUSE Security Update : lxc (openSUSE-2018-865)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for lxc fixes the following issues :

The following security vulnerability was fixed :

  - CVE-2018-6556: Fixed an information leak and possible
    open() side effects to regular users via lxc-user-nic
    (boo#988348)");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=988348");
  script_set_attribute(attribute:"solution", value:
"Update the affected lxc packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6556");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblxc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblxc1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:liblxc1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lxc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lxc-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"liblxc-devel-2.0.9-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"liblxc1-2.0.9-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"liblxc1-debuginfo-2.0.9-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"lxc-2.0.9-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"lxc-debuginfo-2.0.9-lp150.2.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"lxc-debugsource-2.0.9-lp150.2.6.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "liblxc-devel / liblxc1 / liblxc1-debuginfo / lxc / lxc-debuginfo / etc");
}

Related

prion 2
ubuntucve 2
gentoo 1
cve 2
ubuntu 1
nessus 14
cvelist 2
suse 5
openvas 12
debiancve 2
osv 3
alpinelinux 2
nvd 2
prion
prion
Design/Logic Flaw
2018-08-10 15:29:00
Path traversal
2023-01-01 06:15:00
ubuntucve
ubuntucve
CVE-2018-6556
2018-08-06 00:00:00
CVE-2022-47952
2023-01-01 00:00:00
gentoo
gentoo
LinuX Containers user space utilities: Arbitrary file read
2018-08-22 00:00:00
cve
cve
CVE-2018-6556
2018-08-10 15:29:01
CVE-2022-47952
2023-01-01 06:15:09
ubuntu
ubuntu
LXC vulnerability
2018-08-06 00:00:00
nessus
nessus
openSUSE Security Update : lxc (openSUSE-2019-596)
2019-03-27 00:00:00
Ubuntu 18.04 LTS : LXC vulnerability (USN-3730-1)
2018-08-07 00:00:00
GLSA-201808-02 : LinuX Containers user space utilities: Arbitrary file read
2018-08-23 00:00:00
cvelist
cvelist
CVE-2018-6556 The lxc-user-nic component of LXC allows unprivileged users to open arbitrary files
2018-08-10 15:00:00
CVE-2022-47952
2023-01-01 00:00:00
suse
suse
Security update for lxc (moderate)
2019-04-18 00:00:00
Security update for lxc (moderate)
2018-08-13 21:09:16
Security update for lxc, lxcfs (important)
2019-04-17 00:00:00
openvas
openvas
openSUSE: Security Advisory for lxc (openSUSE-SU-2018:2316-1)
2018-10-26 00:00:00
Ubuntu: Security Advisory (USN-3730-1)
2018-08-07 00:00:00
openSUSE: Security Advisory for lxc, lxcfs (openSUSE-SU-2019:1275-1)
2019-04-26 00:00:00
debiancve
debiancve
CVE-2018-6556
2018-08-10 15:29:01
CVE-2022-47952
2023-01-01 06:15:09
osv
osv
CVE-2018-6556
2018-08-10 15:29:01
CVE-2022-47952
2023-01-01 06:15:09
liblxc-devel-4.0.9-1.1 on GA media
2024-06-15 00:00:00
alpinelinux
alpinelinux
CVE-2018-6556
2018-08-10 15:29:01
CVE-2022-47952
2023-01-01 06:15:09
nvd
nvd
CVE-2018-6556
2018-08-10 15:29:01
CVE-2022-47952
2023-01-01 06:15:09

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

Low

EPSS

0.001

Percentile

33.6%

JSON
Related for OPENSUSE-2018-865.NASL
prion2ubuntucve2gentoo1cve2ubuntu1nessus14cvelist2suse5openvas12debiancve2osv3alpinelinux2nvd2