Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2021-1678.NASLHistoryMay 19, 2021 - 12:00 a.m.
RHEL 8 : perl (RHSA-2021:1678)
2021-05-1900:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.6 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.1%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1678 advisory.
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
* perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)
* perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2021:1678. The text
# itself is copyright (C) Red Hat, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(149678);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2020-10543", "CVE-2020-10878");
script_xref(name:"IAVA", value:"2020-A-0268");
script_xref(name:"RHSA", value:"2021:1678");
script_xref(name:"CEA-ID", value:"CEA-2021-0004");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"RHEL 8 : perl (RHSA-2021:1678)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for perl.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2021:1678 advisory.
Perl is a high-level programming language that is commonly used for system administration utilities and
web programming.
Security Fix(es):
* perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)
* perl: corruption of intermediate language state of compiled regular expression due to integer overflow
leads to DoS (CVE-2020-10878)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes
linked from the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?862005a9");
# https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_1678.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e6767e9b");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2021:1678");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1807120");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1837975");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1837988");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1903503");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1913693");
script_set_attribute(attribute:"solution", value:
"Update the RHEL perl package based on the guidance in RHSA-2021:1678.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10878");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(185, 787);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/02");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Attribute-Handlers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Devel-Peek");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Devel-SelfStubber");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Errno");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-Embed");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-ExtUtils-Miniperl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IO");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-IO-Zlib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Locale-Maketext-Simple");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Math-Complex");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Memoize");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Module-Loaded");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Net-Ping");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Pod-Html");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-SelfLoader");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Time-Piece");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-interpreter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-libnetcfg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-macros");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-open");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-utils");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel8/8.10/aarch64/appstream/debug',
'content/dist/rhel8/8.10/aarch64/appstream/os',
'content/dist/rhel8/8.10/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.10/aarch64/baseos/debug',
'content/dist/rhel8/8.10/aarch64/baseos/os',
'content/dist/rhel8/8.10/aarch64/baseos/source/SRPMS',
'content/dist/rhel8/8.10/ppc64le/appstream/debug',
'content/dist/rhel8/8.10/ppc64le/appstream/os',
'content/dist/rhel8/8.10/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.10/ppc64le/baseos/debug',
'content/dist/rhel8/8.10/ppc64le/baseos/os',
'content/dist/rhel8/8.10/ppc64le/baseos/source/SRPMS',
'content/dist/rhel8/8.10/s390x/appstream/debug',
'content/dist/rhel8/8.10/s390x/appstream/os',
'content/dist/rhel8/8.10/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.10/s390x/baseos/debug',
'content/dist/rhel8/8.10/s390x/baseos/os',
'content/dist/rhel8/8.10/s390x/baseos/source/SRPMS',
'content/dist/rhel8/8.10/x86_64/appstream/debug',
'content/dist/rhel8/8.10/x86_64/appstream/os',
'content/dist/rhel8/8.10/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.10/x86_64/baseos/debug',
'content/dist/rhel8/8.10/x86_64/baseos/os',
'content/dist/rhel8/8.10/x86_64/baseos/source/SRPMS',
'content/dist/rhel8/8.6/aarch64/appstream/debug',
'content/dist/rhel8/8.6/aarch64/appstream/os',
'content/dist/rhel8/8.6/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/aarch64/baseos/debug',
'content/dist/rhel8/8.6/aarch64/baseos/os',
'content/dist/rhel8/8.6/aarch64/baseos/source/SRPMS',
'content/dist/rhel8/8.6/ppc64le/appstream/debug',
'content/dist/rhel8/8.6/ppc64le/appstream/os',
'content/dist/rhel8/8.6/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.6/ppc64le/baseos/debug',
'content/dist/rhel8/8.6/ppc64le/baseos/os',
'content/dist/rhel8/8.6/ppc64le/baseos/source/SRPMS',
'content/dist/rhel8/8.6/s390x/appstream/debug',
'content/dist/rhel8/8.6/s390x/appstream/os',
'content/dist/rhel8/8.6/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.6/s390x/baseos/debug',
'content/dist/rhel8/8.6/s390x/baseos/os',
'content/dist/rhel8/8.6/s390x/baseos/source/SRPMS',
'content/dist/rhel8/8.6/x86_64/appstream/debug',
'content/dist/rhel8/8.6/x86_64/appstream/os',
'content/dist/rhel8/8.6/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/x86_64/baseos/debug',
'content/dist/rhel8/8.6/x86_64/baseos/os',
'content/dist/rhel8/8.6/x86_64/baseos/source/SRPMS',
'content/dist/rhel8/8.8/aarch64/appstream/debug',
'content/dist/rhel8/8.8/aarch64/appstream/os',
'content/dist/rhel8/8.8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/aarch64/baseos/debug',
'content/dist/rhel8/8.8/aarch64/baseos/os',
'content/dist/rhel8/8.8/aarch64/baseos/source/SRPMS',
'content/dist/rhel8/8.8/ppc64le/appstream/debug',
'content/dist/rhel8/8.8/ppc64le/appstream/os',
'content/dist/rhel8/8.8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.8/ppc64le/baseos/debug',
'content/dist/rhel8/8.8/ppc64le/baseos/os',
'content/dist/rhel8/8.8/ppc64le/baseos/source/SRPMS',
'content/dist/rhel8/8.8/s390x/appstream/debug',
'content/dist/rhel8/8.8/s390x/appstream/os',
'content/dist/rhel8/8.8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.8/s390x/baseos/debug',
'content/dist/rhel8/8.8/s390x/baseos/os',
'content/dist/rhel8/8.8/s390x/baseos/source/SRPMS',
'content/dist/rhel8/8.8/x86_64/appstream/debug',
'content/dist/rhel8/8.8/x86_64/appstream/os',
'content/dist/rhel8/8.8/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/x86_64/baseos/debug',
'content/dist/rhel8/8.8/x86_64/baseos/os',
'content/dist/rhel8/8.8/x86_64/baseos/source/SRPMS',
'content/dist/rhel8/8.9/aarch64/appstream/debug',
'content/dist/rhel8/8.9/aarch64/appstream/os',
'content/dist/rhel8/8.9/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/aarch64/baseos/debug',
'content/dist/rhel8/8.9/aarch64/baseos/os',
'content/dist/rhel8/8.9/aarch64/baseos/source/SRPMS',
'content/dist/rhel8/8.9/ppc64le/appstream/debug',
'content/dist/rhel8/8.9/ppc64le/appstream/os',
'content/dist/rhel8/8.9/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.9/ppc64le/baseos/debug',
'content/dist/rhel8/8.9/ppc64le/baseos/os',
'content/dist/rhel8/8.9/ppc64le/baseos/source/SRPMS',
'content/dist/rhel8/8.9/s390x/appstream/debug',
'content/dist/rhel8/8.9/s390x/appstream/os',
'content/dist/rhel8/8.9/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.9/s390x/baseos/debug',
'content/dist/rhel8/8.9/s390x/baseos/os',
'content/dist/rhel8/8.9/s390x/baseos/source/SRPMS',
'content/dist/rhel8/8.9/x86_64/appstream/debug',
'content/dist/rhel8/8.9/x86_64/appstream/os',
'content/dist/rhel8/8.9/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/x86_64/baseos/debug',
'content/dist/rhel8/8.9/x86_64/baseos/os',
'content/dist/rhel8/8.9/x86_64/baseos/source/SRPMS',
'content/dist/rhel8/8/aarch64/appstream/debug',
'content/dist/rhel8/8/aarch64/appstream/os',
'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8/aarch64/baseos/debug',
'content/dist/rhel8/8/aarch64/baseos/os',
'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',
'content/dist/rhel8/8/ppc64le/appstream/debug',
'content/dist/rhel8/8/ppc64le/appstream/os',
'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8/ppc64le/baseos/debug',
'content/dist/rhel8/8/ppc64le/baseos/os',
'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',
'content/dist/rhel8/8/s390x/appstream/debug',
'content/dist/rhel8/8/s390x/appstream/os',
'content/dist/rhel8/8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8/s390x/baseos/debug',
'content/dist/rhel8/8/s390x/baseos/os',
'content/dist/rhel8/8/s390x/baseos/source/SRPMS',
'content/dist/rhel8/8/x86_64/appstream/debug',
'content/dist/rhel8/8/x86_64/appstream/os',
'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8/x86_64/baseos/debug',
'content/dist/rhel8/8/x86_64/baseos/os',
'content/dist/rhel8/8/x86_64/baseos/source/SRPMS'
],
'pkgs': [
{'reference':'perl-5.26.3-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'},
{'reference':'perl-Attribute-Handlers-0.99-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-devel-5.26.3-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'},
{'reference':'perl-Devel-Peek-1.26-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-Devel-SelfStubber-1.06-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-Errno-1.28-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-ExtUtils-Embed-1.34-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-ExtUtils-Miniperl-1.06-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-interpreter-5.26.3-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'},
{'reference':'perl-IO-1.38-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-IO-Zlib-1.10-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'perl-libnetcfg-5.26.3-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'},
{'reference':'perl-libs-5.26.3-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'},
{'reference':'perl-Locale-Maketext-Simple-0.21-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'perl-macros-5.26.3-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'},
{'reference':'perl-Math-Complex-1.59-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-Memoize-1.03-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-Module-Loaded-0.08-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'perl-Net-Ping-2.55-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-open-1.11-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-Pod-Html-1.22.02-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-SelfLoader-1.23-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-Test-1.30-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-tests-5.26.3-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'4'},
{'reference':'perl-Time-Piece-1.31-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-utils-5.26.3-419.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'perl / perl-Attribute-Handlers / perl-Devel-Peek / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | perl-devel | p-cpe:/a:redhat:enterprise_linux:perl-devel |
| redhat | enterprise_linux | perl-devel-peek | p-cpe:/a:redhat:enterprise_linux:perl-devel-peek |
| redhat | enterprise_linux | perl-extutils-miniperl | p-cpe:/a:redhat:enterprise_linux:perl-extutils-miniperl |
| redhat | enterprise_linux | perl-macros | p-cpe:/a:redhat:enterprise_linux:perl-macros |
| redhat | enterprise_linux | perl-utils | p-cpe:/a:redhat:enterprise_linux:perl-utils |
| redhat | enterprise_linux | perl | p-cpe:/a:redhat:enterprise_linux:perl |
| redhat | enterprise_linux | perl-open | p-cpe:/a:redhat:enterprise_linux:perl-open |
| redhat | enterprise_linux | perl-selfloader | p-cpe:/a:redhat:enterprise_linux:perl-selfloader |
| redhat | enterprise_linux | perl-devel-selfstubber | p-cpe:/a:redhat:enterprise_linux:perl-devel-selfstubber |
| redhat | enterprise_linux | perl-tests | p-cpe:/a:redhat:enterprise_linux:perl-tests |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10543
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
www.nessus.org/u?862005a9
www.nessus.org/u?e6767e9b
access.redhat.com/errata/RHSA-2021:1678
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1807120
bugzilla.redhat.com/show_bug.cgi?id=1837975
bugzilla.redhat.com/show_bug.cgi?id=1837988
bugzilla.redhat.com/show_bug.cgi?id=1903503
bugzilla.redhat.com/show_bug.cgi?id=1913693
Related
redhat
redhat
(RHSA-2021:1678) Moderate: perl security and bug fix update
2021-05-18 05:49:06
(RHSA-2021:2792) Moderate: perl security and bug fix update
2021-07-20 13:20:44
(RHSA-2021:0883) Moderate: perl security update
2021-03-16 13:08:30
rocky
rocky
perl security and bug fix update
2021-05-18 05:49:06
nessus
nessus
Rocky Linux 8 : perl (RLSA-2021:1678)
2023-11-07 00:00:00
AlmaLinux 8 : perl (ALSA-2021:1678)
2022-02-09 00:00:00
Oracle Linux 8 : perl (ELSA-2021-1678)
2021-05-26 00:00:00
almalinux
almalinux
Moderate: perl security and bug fix update
2021-05-18 05:49:06
osv
osv
Moderate: perl security and bug fix update
2021-05-18 05:49:06
perl vulnerabilities
2020-10-26 11:11:53
perl vulnerabilities
2020-10-27 14:02:08
oraclelinux
oraclelinux
perl security and bug fix update
2021-05-25 00:00:00
perl security update
2021-02-03 00:00:00
perl security update
2021-05-20 00:00:00
aix
aix
There are vulnerabilities in Perl that affect AIX.
2020-12-09 16:36:39
cloudfoundry
cloudfoundry
USN-4602-1: Perl vulnerabilities | Cloud Foundry
2021-03-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2020-2459)
2020-11-05 00:00:00
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2020-2085)
2020-09-29 00:00:00
Ubuntu: Security Advisory (USN-4602-1)
2020-10-27 00:00:00
ubuntu
ubuntu
Perl vulnerabilities
2020-10-27 00:00:00
Perl vulnerabilities
2020-10-26 00:00:00
ibm
ibm
centos
centos
perl security update
2021-02-04 01:04:16
amazon
amazon
Medium: perl
2021-02-19 01:26:00
suse
suse
Security update for perl (important)
2020-06-23 00:00:00
gentoo
gentoo
Perl: Multiple vulnerabilities
2020-06-12 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: perl-5.30.3-453.fc32
2020-06-05 02:32:03
[SECURITY] Fedora 31 Update: perl-5.30.3-452.fc31
2020-06-16 01:19:13
mageia
mageia
Updated perl packages fix security vulnerability
2020-06-11 02:59:36
prion
prion
Integer overflow
2020-06-05 14:15:00
Integer overflow
2020-06-05 14:15:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0104
2020-06-23 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0104
2020-06-23 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-08-06 21:34:46
Integer Overflow
2020-08-06 21:38:33
debiancve
debiancve
CVE-2020-10543
2020-06-05 14:15:10
CVE-2020-10878
2020-06-05 14:15:10
redhatcve
redhatcve
CVE-2020-10543
2020-06-06 02:25:39
CVE-2020-10878
2020-06-06 01:56:30
cloudlinux
cloudlinux
Fix of CVE: CVE-2020-10543
2021-09-22 16:31:04
Fix of CVE: CVE-2020-10878
2021-09-22 16:30:34
cve
cve
CVE-2020-10543
2020-06-05 14:15:10
CVE-2020-10878
2020-06-05 14:15:10
ubuntucve
ubuntucve
CVE-2020-10543
2020-06-01 00:00:00
CVE-2020-10878
2020-06-01 00:00:00
alpinelinux
alpinelinux
CVE-2020-10878
2020-06-05 14:15:10
CVE-2020-10543
2020-06-05 14:15:10
hackerone
hackerone
cvelist
cvelist
CVE-2020-10543
2020-06-05 13:17:49
CVE-2020-10878
2020-06-05 13:27:22
nvd
nvd
CVE-2020-10543
2020-06-05 14:15:10
CVE-2020-10878
2020-06-05 14:15:10
f5
f5
K40508224 : Perl vulnerability CVE-2020-10878
2022-02-03 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1949
2021-07-02 17:41:47
apple
apple
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
9.6 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.1%
Related for REDHAT-RHSA-2021-1678.NASL