Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED_LIBTASN1-RHEL7.NASL
HistoryJun 03, 2024 - 12:00 a.m.

RHEL 7 : libtasn1 (Unpatched Vulnerability)

2024-06-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
redhat enterprise linux
unpatched vulnerability
libtasn1
stack-based buffer overflow
null pointer dereference
dos
cpu usage
remote denial of service
exploitable vulnerability
package manager's report
nessus scanner

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • libtasn1: Stack-based buffer overflow in asn1_find_node() (CVE-2017-6891)

  • The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure.
    It may lead to a remote denial of service attack. (CVE-2017-10790)

  • GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in
    _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. (CVE-2018-1000654)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory libtasn1. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(198787);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id(
    "CVE-2017-6891",
    "CVE-2017-10790",
    "CVE-2018-6003",
    "CVE-2018-1000654"
  );

  script_name(english:"RHEL 7 : libtasn1 (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libtasn1: Stack-based buffer overflow in asn1_find_node() (CVE-2017-6891)

  - The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and
    crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure.
    It may lead to a remote denial of service attack. (CVE-2017-10790)

  - GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU
    usage will reach 100% when running asn1Paser against the POC due to an issue in
    _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be
    exploitable via parsing a crafted file. (CVE-2018-1000654)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-6891");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libtasn1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ming-virt-viewer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw-virt-viewer");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'libtasn1', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'libtasn1'},
      {'reference':'ming-virt-viewer', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'ming-virt-viewer', 'cves':['CVE-2017-10790']},
      {'reference':'mingw-virt-viewer', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'mingw-virt-viewer', 'cves':['CVE-2017-6891']}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libtasn1 / ming-virt-viewer / mingw-virt-viewer');
}
VendorProductVersionCPE
redhatenterprise_linuxlibtasn1p-cpe:/a:redhat:enterprise_linux:libtasn1
redhatenterprise_linuxmingw-virt-viewerp-cpe:/a:redhat:enterprise_linux:mingw-virt-viewer
redhatenterprise_linuxming-virt-viewerp-cpe:/a:redhat:enterprise_linux:ming-virt-viewer
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7

Related

nessus 64
suse 4
rosalinux 1
openvas 52
ubuntu 4
debian 7
cloudfoundry 3
mageia 3
osv 10
gentoo 1
cvelist 4
prion 4
veracode 4
ubuntucve 4
cve 4
redhatcve 4
nvd 4
alpinelinux 4
debiancve 4
fedora 6
archlinux 2
photon 6
nessus
nessus
RHEL 7 : libtasn1 (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 6 : libtasn1 (Unpatched Vulnerability)
2024-05-11 00:00:00
openSUSE Security Update : libtasn1 (openSUSE-2019-1510)
2019-06-07 00:00:00
suse
suse
Security update for libtasn1 (moderate)
2019-06-05 00:00:00
Security update for libtasn1 (moderate)
2019-06-03 00:00:00
Security update for gnutls (moderate)
2018-09-25 15:11:36
rosalinux
rosalinux
Advisory ROSA-SA-2021-1895
2021-07-02 17:17:23
openvas
openvas
Ubuntu: Security Advisory (USN-3547-1)
2018-10-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1379-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2018-0121)
2022-01-28 00:00:00
ubuntu
ubuntu
Libtasn1 vulnerabilities
2018-01-25 00:00:00
Libtasn1 vulnerability
2022-03-28 00:00:00
Libtasn1 vulnerability
2017-07-18 00:00:00
debian
debian
[SECURITY] [DSA 4106-1] libtasn1-6 security update
2018-02-07 19:11:55
[SECURITY] [DSA 4106-1] libtasn1-6 security update
2018-02-07 19:11:55
[SECURITY] [DLA 1038-1] libtasn1-3 security update
2017-07-24 20:19:04
cloudfoundry
cloudfoundry
USN-3547-1: Libtasn1 vulnerabilities | Cloud Foundry
2018-03-01 00:00:00
USN-5352-1: Libtasn1 vulnerability | Cloud Foundry
2022-05-23 00:00:00
USN-3309-1: Libtasn1 vulnerability | Cloud Foundry
2017-06-22 00:00:00
mageia
mageia
Updated libtasn1 packages fix security vulnerability
2018-02-08 14:30:47
Updated libtasn1 packages fix security vulnerability
2019-12-06 17:15:42
Updated libtasn1 packages fix security vulnerability
2017-06-09 00:39:47
osv
osv
libtasn1-6 - security update
2018-02-07 00:00:00
CVE-2018-1000654
2018-08-20 19:31:44
libtasn1-6 vulnerability
2022-03-28 18:59:21
gentoo
gentoo
GNU Libtasn1: Multiple vulnerabilities
2017-10-13 00:00:00
cvelist
cvelist
CVE-2018-1000654
2018-08-20 19:00:00
CVE-2017-6891
2017-05-22 19:00:00
CVE-2018-6003
2018-01-22 20:00:00
prion
prion
Design/Logic Flaw
2018-08-20 19:31:00
Design/Logic Flaw
2018-01-22 20:29:00
Null pointer dereference
2017-07-02 03:29:00
veracode
veracode
Denial Of Service (DoS)
2022-10-31 04:39:24
Denial Of Service (DoS) Through Null Pointer Dereference
2018-04-20 07:21:22
Denial Of Service (DoS)
2020-05-10 23:25:33
ubuntucve
ubuntucve
CVE-2018-6003
2018-01-22 00:00:00
CVE-2018-1000654
2018-08-20 00:00:00
CVE-2017-6891
2017-05-22 00:00:00
cve
cve
CVE-2018-6003
2018-01-22 20:29:00
CVE-2018-1000654
2018-08-20 19:31:44
CVE-2017-6891
2017-05-22 19:29:00
redhatcve
redhatcve
CVE-2018-1000654
2020-02-25 01:31:20
CVE-2017-10790
2017-07-20 08:48:30
CVE-2018-6003
2018-01-23 09:19:58
nvd
nvd
CVE-2018-1000654
2018-08-20 19:31:44
CVE-2018-6003
2018-01-22 20:29:00
CVE-2017-10790
2017-07-02 03:29:00
alpinelinux
alpinelinux
CVE-2018-1000654
2018-08-20 19:31:44
CVE-2017-10790
2017-07-02 03:29:00
CVE-2017-6891
2017-05-22 19:29:00
debiancve
debiancve
CVE-2018-1000654
2018-08-20 19:31:44
CVE-2017-10790
2017-07-02 03:29:00
CVE-2018-6003
2018-01-22 20:29:00
fedora
fedora
[SECURITY] Fedora 27 Update: mingw-libtasn1-4.13-1.fc27
2018-01-28 21:33:48
[SECURITY] Fedora 26 Update: libtasn1-4.12-1.fc26
2017-06-09 20:16:47
[SECURITY] Fedora 26 Update: mingw-libtasn1-4.12-1.fc26
2017-06-09 20:18:55
archlinux
archlinux
[ASA-201706-10] lib32-libtasn1: arbitrary code execution
2017-06-12 00:00:00
[ASA-201706-3] libtasn1: arbitrary code execution
2017-06-02 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0109
2018-02-21 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0236
2020-04-29 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0017
2018-02-22 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON
Related for REDHAT_UNPATCHED_LIBTASN1-RHEL7.NASL
nessus64suse4rosalinux1openvas52ubuntu4debian7cloudfoundry3mageia3osv10gentoo1cvelist4prion4veracode4ubuntucve4cve4redhatcve4nvd4alpinelinux4debiancve4fedora6archlinux2photon6