Lucene search
K

openSUSE Security Update : icecast (openSUSE-2019-360)

🗓️ 27 Mar 2019 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 26 Views

openSUSE Security Update for icecast, fixes buffer overflow allowing remote code execution (openSUSE-2019-360

Related
Refs
Code
ReporterTitlePublishedViews
Family
AlpineLinux
CVE-2018-18820
5 Nov 201819:00
alpinelinux
Circl
CVE-2018-18820
3 Feb 202504:00
circl
CVE
CVE-2018-18820
5 Nov 201819:00
cve
Cvelist
CVE-2018-18820
5 Nov 201819:00
cvelist
Debian
[SECURITY] [DLA-1588-1] icecast2 security update
26 Nov 201813:54
debian
Debian
[SECURITY] [DSA 4333-1] icecast2 security update
4 Nov 201821:34
debian
Debian CVE
CVE-2018-18820
5 Nov 201819:00
debiancve
Tenable Nessus
Debian DLA-1588-1 : icecast2 security update
27 Nov 201800:00
nessus
Tenable Nessus
Debian DSA-4333-1 : icecast2 - security update
5 Nov 201800:00
nessus
Tenable Nessus
Fedora 29 : icecast (2018-b881073c43)
3 Jan 201900:00
nessus
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-360.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(123170);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/03/13");

  script_cve_id("CVE-2018-18820");

  script_name(english:"openSUSE Security Update : icecast (openSUSE-2019-360)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for icecast fixes the following security issues :

  - CVE-2018-18820: A buffer overflow in url-auth could have
    potentially allowed remote code execution (boo#1114434)");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114434");
  script_set_attribute(attribute:"solution", value:
"Update the affected icecast packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18820");
  script_set_attribute(attribute:"cvss3_score_rationale", value:"Scoring adjustsed to align with CVSS 3.1 attack complexity guidance.");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:icecast");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:icecast-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:icecast-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"icecast-2.4.3-lp150.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"icecast-debuginfo-2.4.3-lp150.4.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"icecast-debugsource-2.4.3-lp150.4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "icecast / icecast-debuginfo / icecast-debugsource");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

13 Mar 2025 00:00Current
8.6High risk
Vulners AI Score8.6
CVSS 26.8
CVSS 38.1
EPSS0.48944
26