Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-1968.NASLHistoryAug 21, 2019 - 12:00 a.m.
openSUSE Security Update : libcryptopp (openSUSE-2019-1968)
2019-08-2100:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
6 Medium
AI Score
Confidence
High
0.05 Low
EPSS
Percentile
92.9%
This update for libcryptopp fixes the following issues :
- CVE-2019-14318: Fixed a timing side channel vulnerability in the ECDSA signature generation (boo#1143532).
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-1968.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('compat.inc');
if (description)
{
script_id(128047);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/02");
script_cve_id("CVE-2019-14318");
script_name(english:"openSUSE Security Update : libcryptopp (openSUSE-2019-1968)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for libcryptopp fixes the following issues :
- CVE-2019-14318: Fixed a timing side channel
vulnerability in the ECDSA signature generation
(boo#1143532).");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1143532");
script_set_attribute(attribute:"solution", value:
"Update the affected libcryptopp packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14318");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/30");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcryptopp-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcryptopp-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcryptopp5_6_5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcryptopp5_6_5-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcryptopp5_6_5-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libcryptopp5_6_5-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.1", reference:"libcryptopp-debugsource-5.6.5-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libcryptopp-devel-5.6.5-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libcryptopp5_6_5-5.6.5-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libcryptopp5_6_5-debuginfo-5.6.5-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libcryptopp5_6_5-32bit-5.6.5-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libcryptopp5_6_5-32bit-debuginfo-5.6.5-lp151.3.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcryptopp-debugsource / libcryptopp-devel / libcryptopp5_6_5 / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libcryptopp-debugsource | p-cpe:/a:novell:opensuse:libcryptopp-debugsource |
| novell | opensuse | libcryptopp-devel | p-cpe:/a:novell:opensuse:libcryptopp-devel |
| novell | opensuse | libcryptopp5_6_5 | p-cpe:/a:novell:opensuse:libcryptopp5_6_5 |
| novell | opensuse | libcryptopp5_6_5-32bit | p-cpe:/a:novell:opensuse:libcryptopp5_6_5-32bit |
| novell | opensuse | libcryptopp5_6_5-32bit-debuginfo | p-cpe:/a:novell:opensuse:libcryptopp5_6_5-32bit-debuginfo |
| novell | opensuse | libcryptopp5_6_5-debuginfo | p-cpe:/a:novell:opensuse:libcryptopp5_6_5-debuginfo |
| novell | opensuse | 15.1 | cpe:/o:novell:opensuse:15.1 |
Related
prion
prion
Information disclosure
2019-07-30 17:15:00
Design/Logic Flaw
2023-08-22 19:16:00
nvd
nvd
CVE-2019-14318
2019-07-30 17:15:12
CVE-2022-48570
2023-08-22 19:16:32
veracode
veracode
Side Channel Attack
2023-10-11 05:20:52
debiancve
debiancve
CVE-2019-14318
2019-07-30 17:15:12
CVE-2022-48570
2023-08-22 19:16:32
osv
osv
CVE-2019-14318
2019-07-30 17:15:12
CVE-2022-48570
2023-08-22 19:16:32
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0362)
2022-01-28 00:00:00
openSUSE: Security Advisory for libcryptopp (openSUSE-SU-2019:1968-1)
2019-08-21 00:00:00
archlinux
archlinux
[ASA-201912-3] crypto++: private key recovery
2019-12-06 00:00:00
ubuntucve
ubuntucve
CVE-2019-14318
2019-07-30 00:00:00
CVE-2022-48570
2023-08-22 00:00:00
cve
cve
CVE-2019-14318
2019-07-30 17:15:12
CVE-2022-48570
2023-08-22 19:16:32
suse
suse
Security update for libcryptopp (moderate)
2019-08-20 00:00:00
mageia
mageia
Updated libcryptopp packages fix security vulnerability
2019-12-06 17:15:42
cvelist
cvelist
CVE-2019-14318
2019-07-30 16:26:56
CVE-2022-48570
2023-08-22 00:00:00
f5
f5
K000137107 : Crypto++ vulnerability CVE-2022-48570
2023-10-03 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
6 Medium
AI Score
Confidence
High
0.05 Low
EPSS
Percentile
92.9%
Related for OPENSUSE-2019-1968.NASL