Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.PHOTONOS_PHSA-2018-2_0-0016.NASL
HistoryJul 24, 2018 - 12:00 a.m.

Photon OS 2.0 : Linux / Postgresql / Binutils / Curl / Libtiff (PhotonOS-PHSA-2018-2.0-0016) (deprecated)

2018-07-2400:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

0.037 Low

EPSS

Percentile

90.7%

JSON

An update of {‘linux’, ‘curl’, ‘binutils’, ‘postgresql’, ‘libtiff’} packages of Photon OS has been released.

#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2/7/2019
#

# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2018-2.0-0016. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

if (description)
{
  script_id(111286);
  script_version("1.3");
  script_cvs_date("Date: 2019/04/05 23:25:07");

  script_cve_id(
    "CVE-2017-8816",
    "CVE-2017-8817",
    "CVE-2017-9935",
    "CVE-2017-14930",
    "CVE-2017-14932",
    "CVE-2017-14933",
    "CVE-2017-14934",
    "CVE-2017-14938",
    "CVE-2017-14939",
    "CVE-2017-14940",
    "CVE-2017-14974",
    "CVE-2017-17080",
    "CVE-2017-17123",
    "CVE-2018-1052",
    "CVE-2018-1053",
    "CVE-2018-5344",
    "CVE-2018-1000007"
  );
  script_bugtraq_id(
    99296,
    101200,
    101201,
    101203,
    101204,
    101212,
    101216,
    101280,
    101998,
    102057,
    102503,
    102986,
    102987
  );

  script_name(english:"Photon OS 2.0 : Linux / Postgresql / Binutils / Curl / Libtiff (PhotonOS-PHSA-2018-2.0-0016) (deprecated)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"This plugin has been deprecated.");
  script_set_attribute(attribute:"description", value:
"An update of {'linux', 'curl', 'binutils', 'postgresql', 'libtiff'}
packages of Photon OS has been released.");
  # https://github.com/vmware/photon/wiki/Security-Updates-2-16
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f4921835");
  script_set_attribute(attribute:"solution", value:"n/a.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-8816");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:postgresql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libtiff");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

exit(0, "This plugin has been deprecated.");

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

pkgs = [
  "binutils-2.30-1.ph2",
  "binutils-debuginfo-2.30-1.ph2",
  "binutils-devel-2.30-1.ph2",
  "curl-7.58.0-1.ph2",
  "curl-debuginfo-7.58.0-1.ph2",
  "curl-devel-7.58.0-1.ph2",
  "curl-libs-7.58.0-1.ph2",
  "libtiff-4.0.9-2.ph2",
  "libtiff-debuginfo-4.0.9-2.ph2",
  "libtiff-devel-4.0.9-2.ph2",
  "linux-4.9.80-1.ph2",
  "linux-api-headers-4.9.80-1.ph2",
  "linux-aws-4.9.80-1.ph2",
  "linux-aws-debuginfo-4.9.80-1.ph2",
  "linux-aws-devel-4.9.80-1.ph2",
  "linux-aws-docs-4.9.80-1.ph2",
  "linux-aws-drivers-gpu-4.9.80-1.ph2",
  "linux-aws-oprofile-4.9.80-1.ph2",
  "linux-aws-sound-4.9.80-1.ph2",
  "linux-aws-tools-4.9.80-1.ph2",
  "linux-debuginfo-4.9.80-1.ph2",
  "linux-devel-4.9.80-1.ph2",
  "linux-docs-4.9.80-1.ph2",
  "linux-drivers-gpu-4.9.80-1.ph2",
  "linux-esx-4.9.80-1.ph2",
  "linux-esx-debuginfo-4.9.80-1.ph2",
  "linux-esx-devel-4.9.80-1.ph2",
  "linux-esx-docs-4.9.80-1.ph2",
  "linux-oprofile-4.9.80-1.ph2",
  "linux-secure-4.9.80-1.ph2",
  "linux-secure-debuginfo-4.9.80-1.ph2",
  "linux-secure-devel-4.9.80-1.ph2",
  "linux-secure-docs-4.9.80-1.ph2",
  "linux-secure-lkcm-4.9.80-1.ph2",
  "linux-sound-4.9.80-1.ph2",
  "linux-tools-4.9.80-1.ph2",
  "postgresql-9.6.7-1.ph2",
  "postgresql-debuginfo-9.6.7-1.ph2",
  "postgresql-devel-9.6.7-1.ph2",
  "postgresql-libs-9.6.7-1.ph2"
];

foreach (pkg in pkgs)
  if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux / postgresql / binutils / curl / libtiff");
}
VendorProductVersionCPE
vmwarephotonoslinuxp-cpe:/a:vmware:photonos:linux
vmwarephotonospostgresqlp-cpe:/a:vmware:photonos:postgresql
vmwarephotonosbinutilsp-cpe:/a:vmware:photonos:binutils
vmwarephotonoscurlp-cpe:/a:vmware:photonos:curl
vmwarephotonoslibtiffp-cpe:/a:vmware:photonos:libtiff
vmwarephotonos2.0cpe:/o:vmware:photonos:2.0

References

Related

photon 7
nessus 39
openvas 14
cloudfoundry 1
debian 5
osv 20
fedora 2
amazon 1
ubuntu 3
kaspersky 1
freebsd 3
ibm 3
archlinux 6
slackware 1
altlinux 1
cve 15
prion 15
ubuntucve 16
redhatcve 16
debiancve 14
mageia 1
exploitpack 1
zdt 1
veracode 5
alpinelinux 3
gentoo 1
hackerone 1
symantec 1
virtuozzo 1
exploitdb 1
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0016
2018-02-14 00:00:00
Critical Photon OS Security Update - PHSA-2018-0016
2018-02-14 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0108
2018-02-14 00:00:00
nessus
nessus
Photon OS 2.0: Binutils PHSA-2018-2.0-0016
2019-02-07 00:00:00
Photon OS 1.0: Curl / Postgresql PHSA-2018-1.0-0108 (deprecated)
2018-08-17 00:00:00
Photon OS 1.0: Binutils PHSA-2018-1.0-0104 (deprecated)
2018-08-17 00:00:00
openvas
openvas
Fedora Update for curl FEDORA-2017-45bdf4dace
2017-12-10 00:00:00
Debian Security Advisory DSA 4051-1 (curl - security update)
2017-11-29 00:00:00
Ubuntu Update for curl USN-3498-1
2017-11-30 00:00:00
cloudfoundry
cloudfoundry
USN-3498-1: curl vulnerabilities | Cloud Foundry
2017-12-14 00:00:00
debian
debian
[SECURITY] [DSA 4051-1] curl security update
2017-11-29 11:09:32
[SECURITY] [DLA 1195-1] curl security update
2017-11-30 14:09:32
[SECURITY] [DLA 1263-1] curl security update
2018-01-29 21:39:06
osv
osv
curl - security update
2017-11-29 00:00:00
CVE-2017-14974
2017-10-02 01:29:00
CVE-2017-14932
2017-09-30 01:29:02
fedora
fedora
[SECURITY] Fedora 26 Update: curl-7.53.1-13.fc26
2017-12-09 22:30:25
[SECURITY] Fedora 27 Update: curl-7.55.1-8.fc27
2017-12-10 05:11:43
amazon
amazon
Medium: curl
2018-01-03 08:22:00
ubuntu
ubuntu
curl vulnerabilities
2017-11-29 00:00:00
curl vulnerability
2017-12-04 00:00:00
curl vulnerability
2018-02-01 00:00:00
kaspersky
kaspersky
KLA11196 Multiple vulnerabilities in PostgreSQL
2018-02-08 00:00:00
freebsd
freebsd
PostgreSQL vulnerabilities
2018-02-05 00:00:00
cURL -- Multiple vulnerabilities
2017-11-29 00:00:00
cURL -- Multiple vulnerabilities
2018-01-24 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter
2023-04-10 21:40:46
Security Bulletin: Vulnerabilities in cURL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru (CVE-2017-8816 CVE-2017-8817 CVE-2017-8818)
2019-01-31 02:40:01
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerability in cURL (CVE-2018-1000007)
2023-12-07 22:31:02
archlinux
archlinux
[ASA-201711-38] lib32-libcurl-compat: multiple issues
2017-11-30 00:00:00
[ASA-201711-36] lib32-curl: multiple issues
2017-11-30 00:00:00
[ASA-201711-37] lib32-libcurl-gnutls: multiple issues
2017-11-30 00:00:00
slackware
slackware
[slackware-security] curl
2017-11-29 22:40:18
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.57.0-alt1
2017-12-01 00:00:00
cve
cve
CVE-2017-14933
2017-09-30 01:29:00
CVE-2017-14974
2017-10-02 01:29:00
CVE-2017-14930
2017-09-30 01:29:00
prion
prion
Code injection
2017-09-30 01:29:00
Design/Logic Flaw
2017-09-30 01:29:00
Memory corruption
2017-09-30 01:29:00
ubuntucve
ubuntucve
CVE-2017-14932
2017-09-30 00:00:00
CVE-2017-14974
2017-10-02 00:00:00
CVE-2017-14940
2017-09-30 00:00:00
redhatcve
redhatcve
CVE-2017-14974
2017-10-10 12:50:18
CVE-2017-14932
2017-10-10 12:21:34
CVE-2017-14933
2017-10-10 12:21:14
debiancve
debiancve
CVE-2017-14940
2017-09-30 01:29:00
CVE-2017-14933
2017-09-30 01:29:00
CVE-2017-14939
2017-09-30 01:29:00
mageia
mageia
Updated curl packages fix security vulnerability
2018-01-03 19:40:26
exploitpack
exploitpack
binutils 2.29.51.20170921 - read_1_byte Heap Buffer Overflow
2017-10-10 00:00:00
zdt
zdt
binutils 2.29.51.20170921 - read_1_byte Heap-Based Buffer Overflow Vulnerability
2017-10-11 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:25:18
Denial Of Service (DoS) Through Heap Buffer Overflow
2018-04-12 02:30:38
Denial Of Service (DoS) Through Heap Buffer Overflow
2018-05-31 03:42:48
alpinelinux
alpinelinux
CVE-2017-8817
2017-11-29 18:29:00
CVE-2017-9935
2017-06-26 12:29:00
CVE-2017-8816
2017-11-29 18:29:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-12-14 00:00:00
hackerone
hackerone
curl: Proxy-Authorization header carried to a new host on a redirect
2021-01-25 02:37:39
symantec
symantec
cURL/libcURL CVE-2018-1000007 Information Disclosure Vulnerability
2018-01-24 00:00:00
virtuozzo
virtuozzo
Kernel security update: CVE-2018-5344 and other; Virtuozzo ReadyKernel patch 43.0 for Virtuozzo 7.0.x
2018-02-02 00:00:00
exploitdb
exploitdb
binutils 2.29.51.20170921 - &#039;read_1_byte&#039; Heap Buffer Overflow
2017-10-10 00:00:00

0.037 Low

EPSS

Percentile

90.7%

JSON
Related for PHOTONOS_PHSA-2018-2_0-0016.NASL
photon7nessus39openvas14cloudfoundry1debian5osv20fedora2amazon1ubuntu3kaspersky1freebsd3ibm3archlinux6slackware1altlinux1cve15prion15ubuntucve16redhatcve16debiancve14mageia1exploitpack1zdt1veracode5alpinelinux3gentoo1hackerone1symantec1virtuozzo1exploitdb1