The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0108-1 advisory.
OFFIS DCMTK’s (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. (CVE-2022-2119)
OFFIS DCMTK’s (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names.
This could allow remote code execution. (CVE-2022-2120)
OFFIS DCMTK’s (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. (CVE-2022-2121)
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. (CVE-2022-43272)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2023:0108-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(175812);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/16");
script_cve_id(
"CVE-2022-2119",
"CVE-2022-2120",
"CVE-2022-2121",
"CVE-2022-43272"
);
script_name(english:"openSUSE 15 Security Update : dcmtk (openSUSE-SU-2023:0108-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the
openSUSE-SU-2023:0108-1 advisory.
- OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal,
allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could
allow remote code execution. (CVE-2022-2119)
- OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path
traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names.
This could allow remote code execution. (CVE-2022-2120)
- OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing
DICOM files, which may result in a denial-of-service condition. (CVE-2022-2121)
- DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. (CVE-2022-43272)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1206070");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208637");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208638");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208639");
# https://lists.opensuse.org/archives/list/[email protected]/thread/MKL5XGJX4U2PD4XAVAZG2YAU2LYKLQIH/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52246a51");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2119");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2120");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-2121");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-43272");
script_set_attribute(attribute:"solution", value:
"Update the affected dcmtk, dcmtk-devel and / or libdcmtk17 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2120");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/24");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dcmtk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dcmtk-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdcmtk17");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/SuSE/release');
if (isnull(os_release) || os_release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var _os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:os_release);
if (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
_os_ver = _os_ver[1];
if (os_release !~ "^(SUSE15\.4)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', os_release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);
var pkgs = [
{'reference':'dcmtk-3.6.7-bp154.2.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'dcmtk-devel-3.6.7-bp154.2.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libdcmtk17-3.6.7-bp154.2.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var _cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (rpm_check(release:_release, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dcmtk / dcmtk-devel / libdcmtk17');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2119
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2120
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43272
www.nessus.org/u?52246a51
bugzilla.suse.com/1206070
bugzilla.suse.com/1208637
bugzilla.suse.com/1208638
bugzilla.suse.com/1208639
www.suse.com/security/cve/CVE-2022-2119
www.suse.com/security/cve/CVE-2022-2120
www.suse.com/security/cve/CVE-2022-2121
www.suse.com/security/cve/CVE-2022-43272