Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED_LIBXML2-RHEL7.NASL
HistoryJun 03, 2024 - 12:00 a.m.

RHEL 7 : libxml2 (Unpatched Vulnerability)

2024-06-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
redhat enterprise linux
libxml2
unpatched vulnerability
cve-2017-7375
denial of service
cve-2016-4483
xml external entity (xxe) attacks

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • libxml2: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375)

  • The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. (CVE-2016-4483)

  • libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
    (CVE-2016-9318)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory libxml2. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(198562);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/15");

  script_cve_id(
    "CVE-2016-4483",
    "CVE-2016-9318",
    "CVE-2017-0663",
    "CVE-2017-5130",
    "CVE-2017-5969",
    "CVE-2017-7375",
    "CVE-2017-8872",
    "CVE-2017-9047",
    "CVE-2017-9048",
    "CVE-2017-9049",
    "CVE-2017-9050",
    "CVE-2017-16931",
    "CVE-2017-16932",
    "CVE-2021-3541",
    "CVE-2022-29824",
    "CVE-2023-45322"
  );

  script_name(english:"RHEL 7 : libxml2 (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - libxml2: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375)

  - The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to
    cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value,
    related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. (CVE-2016-4483)

  - libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag
    directly indicating that the current document may be read but other files may not be opened, which makes
    it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
    (CVE-2016-9318)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7375");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw-virt-viewer");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'libxml2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'libxml2', 'cves':['CVE-2016-4483', 'CVE-2016-9318', 'CVE-2017-0663', 'CVE-2017-5969', 'CVE-2017-7375', 'CVE-2017-8872', 'CVE-2017-9047', 'CVE-2017-9048', 'CVE-2017-9049', 'CVE-2017-9050', 'CVE-2017-16931', 'CVE-2017-16932', 'CVE-2021-3541', 'CVE-2022-29824', 'CVE-2023-45322']},
      {'reference':'mingw-virt-viewer', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'mingw-virt-viewer', 'cves':['CVE-2017-5130', 'CVE-2017-7375', 'CVE-2017-8872']}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libxml2 / mingw-virt-viewer');
}
VendorProductVersionCPE
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linuxlibxml2p-cpe:/a:redhat:enterprise_linux:libxml2
redhatenterprise_linuxmingw-virt-viewerp-cpe:/a:redhat:enterprise_linux:mingw-virt-viewer

References

Related

gentoo 1
nessus 54
ibm 31
openvas 42
osv 5
debian 5
ubuntu 4
cloudfoundry 2
mageia 2
rubygems 1
freebsd 1
veracode 10
altlinux 2
fedora 2
debiancve 3
prion 4
redhatcve 5
ubuntucve 7
nvd 6
photon 1
cve 4
cvelist 6
alpinelinux 1
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-11-10 00:00:00
nessus
nessus
GLSA-201711-01 : libxml2: Multiple vulnerabilities
2017-11-10 00:00:00
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1557-1)
2017-06-14 00:00:00
Debian DLA-1008-1 : libxml2 security update
2017-07-03 00:00:00
ibm
ibm
Security Bulletin: IBM Cognos Business Intelligence Server 2017Q4 Security Updater: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
2018-06-15 23:47:49
Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems
2023-04-14 14:32:25
Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities
2018-06-16 14:17:37
openvas
openvas
Debian: Security Advisory (DLA-1008-1)
2018-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1557-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-3424-1)
2017-09-19 00:00:00
osv
osv
libxml2 - security update
2017-06-30 00:00:00
libxml2 - security update
2017-08-23 00:00:00
libxml2 - security update
2022-04-08 00:00:00
debian
debian
[SECURITY] [DLA 1008-1] libxml2 security update
2017-06-30 20:47:21
[SECURITY] [DSA 3952-1] libxml2 security update
2017-08-23 04:54:22
[SECURITY] [DSA 3952-1] libxml2 security update
2017-08-23 04:54:22
ubuntu
ubuntu
libxml2 vulnerabilities
2017-10-10 00:00:00
libxml2 vulnerabilities
2017-09-19 00:00:00
libxml2 vulnerabilities
2018-08-14 00:00:00
cloudfoundry
cloudfoundry
USN-3424-1: libxml2 vulnerabilities | Cloud Foundry
2017-11-01 00:00:00
USN-3504-1: libxml2 vulnerability | Cloud Foundry
2017-12-14 00:00:00
mageia
mageia
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
2018-01-03 18:50:51
Updated libxml2 packages fix security vulnerability
2018-01-03 18:50:51
rubygems
rubygems
Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
2017-09-18 21:00:00
freebsd
freebsd
libxml2 -- Multiple Issues
2017-05-10 00:00:00
veracode
veracode
Vulnerability Through C Libraries
2017-11-01 05:30:33
Copy-paste Vulnerability Through LibXML2
2017-11-23 23:43:55
Multiple Stack Overflows Through Embedded C Dependency
2017-05-17 06:00:22
altlinux
altlinux
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: libxml2-2.9.7-1.fc27
2018-01-30 18:12:24
[SECURITY] Fedora 26 Update: libxml2-2.9.7-1.fc26
2018-02-14 17:11:02
debiancve
debiancve
CVE-2016-4483
2017-04-11 16:59:00
CVE-2016-9318
2016-11-16 00:59:00
CVE-2017-7375
2018-02-19 19:29:00
prion
prion
Out-of-bounds
2017-04-11 16:59:00
Code injection
2017-11-23 21:29:00
Xxe
2016-11-16 00:59:00
redhatcve
redhatcve
CVE-2016-4483
2016-05-04 07:49:18
CVE-2017-16931
2017-11-24 15:49:50
CVE-2017-7375
2017-06-16 12:52:20
ubuntucve
ubuntucve
CVE-2017-9049
2017-05-18 00:00:00
CVE-2016-4483
2016-05-04 00:00:00
CVE-2017-9050
2017-05-18 00:00:00
nvd
nvd
CVE-2016-4483
2017-04-11 16:59:00
CVE-2017-16931
2017-11-23 21:29:00
CVE-2016-9318
2016-11-16 00:59:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0024
2017-07-13 00:00:00
cve
cve
CVE-2016-4483
2017-04-11 16:59:00
CVE-2017-16931
2017-11-23 21:29:00
CVE-2017-7375
2018-02-19 19:29:00
cvelist
cvelist
CVE-2016-4483
2017-04-11 16:00:00
CVE-2017-7375
2018-02-19 19:00:00
CVE-2016-9318
2016-11-16 00:00:00
alpinelinux
alpinelinux
CVE-2016-9318
2016-11-16 00:59:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

JSON
Related for REDHAT_UNPATCHED_LIBXML2-RHEL7.NASL
gentoo1nessus54ibm31openvas42osv5debian5ubuntu4cloudfoundry2mageia2rubygems1freebsd1veracode10altlinux2fedora2debiancve3prion4redhatcve5ubuntucve7nvd6photon1cve4cvelist6alpinelinux1