nessus
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
OPENSUSE-2020-958.NASL
History: Jul 20, 2020 - 12:00 a.m.

openSUSE Security Update : hylafax+ (openSUSE-2020-958)

2020-07-20 00:00:00
www.tenable.com

CVSS2: 6.8

  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

  AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 5.3

  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: LOW

  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score: 5.4
Confidence: High

EPSS: 0.001
Percentile: 25.1%

This update for hylafax+ fixes the following issues :

Security issue fixed :

  • CVE-2020-8024 boo#1172731

hylafax+ was updated to version 7.0.2 :

  • change FIXEDWIDTH default to better accommodate auto-rotation (13 Dec 2019)

  • prevent SSL_accept() from blocking (5 Dec 2019)

  • support libtiff v4.1 (5 Dec 2019)

  • fix ignoremodembusy feature broken by ModemGroup limits feature (16 Nov 2019)

Version 7.0.1 :

  • create a client timeout setting and change the default from 60 to 3600 seconds (26 Sep 2019)

  • extend timeout for receiving ECM frames (21 Aug 2019)

  • fix timeout in Class 1 frame reception (5 Aug 2019)

  • improve Class 1 protocol handling when MaxRecvPages exceeded (31 Jul 2019)

  • fix ModemGroup limit default (11 Jul 2019)

  • fix recovery for SSL Fax write failures (6 Jun 2019)

Version 7.0.0 :

  • add LDAP features for compatibility with ActiveDirectory (25 Mar-1 Apr 2019)

  • fix recovery after SSL Fax ‘accept failure’ (18 Mar 2019)

  • add TextFormat overstrike option and disable by default (6 Feb 2019)

  • fix the page size of cover sheets returned via notify (8 Jan 2019)

  • fix or silence numerous compiler warnings (19, 22, 28 Dec 2018)

  • fix pagehandling updating after a proxy has been used (7-8 Dec 2018)

  • add faxmail stderr output of RFC2047 decoding results (5 Dec 2018)

  • fix faxmail handling of headers encoded with UTF-8 (4 Dec 2018)

  • fix faxmail handling of base64-encoded text parts (4 Dec 2018)

  • add SSL Fax support (9-26, 29 Nov; 11, 18, 25 Dec 2018;
    2, 7, 23 Jan 2019)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-958.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('compat.inc');

if (description)
{
  script_id(138739);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/29");

  script_cve_id("CVE-2020-8024");

  script_name(english:"openSUSE Security Update : hylafax+ (openSUSE-2020-958)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for hylafax+ fixes the following issues :

Security issue fixed :

  - CVE-2020-8024 boo#1172731 

hylafax+ was updated to version 7.0.2 :

  - change FIXEDWIDTH default to better accommodate
    auto-rotation (13 Dec 2019)

  - prevent SSL_accept() from blocking (5 Dec 2019)

  - support libtiff v4.1 (5 Dec 2019)

  - fix ignoremodembusy feature broken by ModemGroup limits
    feature (16 Nov 2019)

Version 7.0.1 :

  - create a client timeout setting and change the default
    from 60 to 3600 seconds (26 Sep 2019)

  - extend timeout for receiving ECM frames (21 Aug 2019)

  - fix timeout in Class 1 frame reception (5 Aug 2019)

  - improve Class 1 protocol handling when MaxRecvPages
    exceeded (31 Jul 2019)

  - fix ModemGroup limit default (11 Jul 2019)

  - fix recovery for SSL Fax write failures (6 Jun 2019)

Version 7.0.0 :

  - add LDAP features for compatibility with ActiveDirectory
    (25 Mar-1 Apr 2019)

  - fix recovery after SSL Fax 'accept failure' (18 Mar
    2019)

  - add TextFormat overstrike option and disable by default
    (6 Feb 2019)

  - fix the page size of cover sheets returned via notify (8
    Jan 2019)

  - fix or silence numerous compiler warnings (19, 22, 28
    Dec 2018)

  - fix pagehandling updating after a proxy has been used
    (7-8 Dec 2018)

  - add faxmail stderr output of RFC2047 decoding results (5
    Dec 2018)

  - fix faxmail handling of headers encoded with UTF-8 (4
    Dec 2018)

  - fix faxmail handling of base64-encoded text parts (4 Dec
    2018)

  - add SSL Fax support (9-26, 29 Nov; 11, 18, 25 Dec 2018;
    2, 7, 23 Jan 2019)");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1172731");
  script_set_attribute(attribute:"solution", value:
"Update the affected hylafax+ packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8024");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hylafax+");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hylafax+-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hylafax+-client-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hylafax+-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hylafax+-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfaxutil7_0_2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libfaxutil7_0_2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"hylafax+-7.0.2-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"hylafax+-client-7.0.2-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"hylafax+-client-debuginfo-7.0.2-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"hylafax+-debuginfo-7.0.2-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"hylafax+-debugsource-7.0.2-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libfaxutil7_0_2-7.0.2-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libfaxutil7_0_2-debuginfo-7.0.2-lp151.4.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "hylafax+ / hylafax+-client / hylafax+-client-debuginfo / etc");
}
