Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2023-0108-1.NASLHistoryMay 16, 2023 - 12:00 a.m.
openSUSE 15 Security Update : dcmtk (openSUSE-SU-2023:0108-1)
2023-05-1600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0108-1 advisory.
-
OFFIS DCMTK’s (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. (CVE-2022-2119)
-
OFFIS DCMTK’s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names.
This could allow remote code execution. (CVE-2022-2120) -
OFFIS DCMTK’s (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. (CVE-2022-2121)
-
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. (CVE-2022-43272)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2023:0108-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(175812);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/16");
script_cve_id(
"CVE-2022-2119",
"CVE-2022-2120",
"CVE-2022-2121",
"CVE-2022-43272"
);
script_name(english:"openSUSE 15 Security Update : dcmtk (openSUSE-SU-2023:0108-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the
openSUSE-SU-2023:0108-1 advisory.
- OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal,
allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could
allow remote code execution. (CVE-2022-2119)
- OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path
traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names.
This could allow remote code execution. (CVE-2022-2120)
- OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing
DICOM files, which may result in a denial-of-service condition. (CVE-2022-2121)
- DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. (CVE-2022-43272)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206070");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208637");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208638");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208639");
# https://lists.opensuse.org/archives/list/[email protected]/thread/MKL5XGJX4U2PD4XAVAZG2YAU2LYKLQIH/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52246a51");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2119");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2120");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2121");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-43272");
script_set_attribute(attribute:"solution", value:
"Update the affected dcmtk, dcmtk-devel and / or libdcmtk17 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2120");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/24");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dcmtk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dcmtk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcmtk17");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/SuSE/release');
if (isnull(os_release) || os_release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var _os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:os_release);
if (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
_os_ver = _os_ver[1];
if (os_release !~ "^(SUSE15\.4)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', os_release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);
var pkgs = [
{'reference':'dcmtk-3.6.7-bp154.2.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dcmtk-devel-3.6.7-bp154.2.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdcmtk17-3.6.7-bp154.2.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var _cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (rpm_check(release:_release, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dcmtk / dcmtk-devel / libdcmtk17');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43272
www.nessus.org/u?52246a51
bugzilla.suse.com/1206070
bugzilla.suse.com/1208637
bugzilla.suse.com/1208638
bugzilla.suse.com/1208639
www.suse.com/security/cve/CVE-2022-2119
www.suse.com/security/cve/CVE-2022-2120
www.suse.com/security/cve/CVE-2022-2121
www.suse.com/security/cve/CVE-2022-43272
Related
openvas
openvas
openSUSE: Security Advisory for dcmtk (openSUSE-SU-2023:0108-1)
2024-03-04 00:00:00
Mageia: Security Advisory (MGASA-2023-0083)
2023-03-28 00:00:00
Ubuntu: Security Advisory (USN-5882-1)
2023-02-23 00:00:00
nessus
nessus
ics
ics
OFFIS DCMTK
2022-06-23 12:00:00
suse
suse
ubuntucve
ubuntucve
osv
osv
dcmtk vulnerabilities
2023-02-22 18:23:35
CVE-2022-43272
2022-12-02 16:15:09
CVE-2022-2121
2022-06-24 15:15:10
ubuntu
ubuntu
DCMTK vulnerabilities
2023-02-22 00:00:00
mageia
mageia
Updated dcmtk packages fix security vulnerability
2023-03-11 22:00:39
gitlab
gitlab
Missing Release of Memory after Effective Lifetime
2022-12-02 00:00:00
NULL Pointer Dereference
2022-06-24 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: dcmtk-3.6.7-3.fc38
2023-03-11 03:55:09
[SECURITY] Fedora 36 Update: dcmtk-3.6.7-3.fc36
2023-03-11 04:03:25
[SECURITY] Fedora 37 Update: dcmtk-3.6.7-3.fc37
2023-03-11 04:28:19
cve
cve
prion
prion
Memory corruption
2022-12-02 16:15:00
Null pointer dereference
2022-06-24 15:15:00
Path traversal
2022-06-24 15:15:00
veracode
veracode
Denial Of Service (DoS)
2023-02-12 05:51:18
Denial Of Service (DoS)
2022-09-03 20:06:28
Path Traversal
2022-09-03 20:28:17
debiancve
debiancve
Related for OPENSUSE-2023-0108-1.NASL