Lucene search

K

Photon OS 3.0: Curl PHSA-2019-3.0-0032

The remote PhotonOS host is missing multiple security updates. An update of the curl package has been released

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5481, CVE-2019-5482)
21 Feb 202016:14
ibm
IBM Security Bulletins
Security Bulletin: cURL vulnerabilities CVE-2019-5481 CVE-2019-5482 impact IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier
10 Dec 202022:27
ibm
IBM Security Bulletins
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - cURL (CVE-2019-5482, CVE-2019-5481)
18 Aug 202019:28
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in libCurl affects IBM Watson Studio Local
20 Dec 201921:21
ibm
IBM Security Bulletins
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by a libcurl security vulnerability (CVE-2019-5482)
28 Feb 202021:24
ibm
IBM Security Bulletins
Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in cURL (CVE-2019-5482)
24 Jun 202018:53
ibm
IBM Security Bulletins
Security Bulletin: Multiple Security Vulnerabilties have been fixed in the IBM Security Access Manager and IBM Security Verify Access appliances.
16 Mar 202119:55
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2 Feb 202122:11
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
27 Jan 202100:04
ibm
IBM Security Bulletins
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
15 Apr 202221:36
ibm
Rows per page
#
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2019-3.0-0032. The text
# itself is copyright (C) VMware, Inc.

include('compat.inc');

if (description)
{
  script_id(130111);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/24");

  script_cve_id("CVE-2019-5481", "CVE-2019-5482");

  script_name(english:"Photon OS 3.0: Curl PHSA-2019-3.0-0032");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the curl package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Update-3.0-32.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5482");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:curl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item('Host/PhotonOS/release');
if (isnull(_release) || _release !~ "^VMware Photon") audit(AUDIT_OS_NOT, 'PhotonOS');
if (_release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');

if (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);

var flag = 0;

if (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'curl-7.61.1-5.ph3')) flag++;
if (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'curl-debuginfo-7.61.1-5.ph3')) flag++;
if (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'curl-devel-7.61.1-5.ph3')) flag++;
if (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'curl-libs-7.61.1-5.ph3')) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'curl');
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
22 Oct 2019 00:00Current
10.0High risk
Vulners AI Score10.0
CVSS27.5
CVSS39.8
EPSS0.094
22
.json
Report