Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20190806_LIBWPD_ON_SL7_X.NASLHistoryAug 27, 2019 - 12:00 a.m.
Scientific Linux Security Update : libwpd on SL7.x x86_64 (20190806)
2019-08-2700:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.7%
Security Fix(es) :
- libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp (CVE-2018-19208)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('compat.inc');
if (description)
{
script_id(128238);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/01");
script_cve_id("CVE-2018-19208");
script_name(english:"Scientific Linux Security Update : libwpd on SL7.x x86_64 (20190806)");
script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
script_set_attribute(attribute:"description", value:
"Security Fix(es) :
- libwpd: NULL pointer dereference in the function
WP6ContentListener::defineTable in
WP6ContentListener.cpp (CVE-2018-19208)");
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=10426
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9bf02b23");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-19208");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/12");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwpd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwpd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwpd-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libwpd-tools");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Scientific Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwpd-0.10.0-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwpd-debuginfo-0.10.0-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwpd-devel-0.10.0-2.el7")) flag++;
if (rpm_check(release:"SL7", reference:"libwpd-doc-0.10.0-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwpd-doc-0.10.0-2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"libwpd-tools-0.10.0-2.el7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libwpd / libwpd-debuginfo / libwpd-devel / libwpd-doc / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | libwpd | p-cpe:/a:fermilab:scientific_linux:libwpd |
| fermilab | scientific_linux | libwpd-debuginfo | p-cpe:/a:fermilab:scientific_linux:libwpd-debuginfo |
| fermilab | scientific_linux | libwpd-devel | p-cpe:/a:fermilab:scientific_linux:libwpd-devel |
| fermilab | scientific_linux | libwpd-doc | p-cpe:/a:fermilab:scientific_linux:libwpd-doc |
| fermilab | scientific_linux | libwpd-tools | p-cpe:/a:fermilab:scientific_linux:libwpd-tools |
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
Related
suse
suse
Security update for libwpd (important)
2018-11-22 00:10:51
Security update for libwpd (important)
2018-11-24 18:08:29
openvas
openvas
openSUSE: Security Advisory for libwpd (openSUSE-SU-2018:3886-1)
2018-11-26 00:00:00
Huawei EulerOS: Security Advisory for libwpd (EulerOS-SA-2019-2708)
2020-01-23 00:00:00
Mageia: Security Advisory (MGASA-2018-0481)
2022-01-28 00:00:00
nessus
nessus
SUSE SLED12 Security Update : libwpd (SUSE-SU-2018:3812-2)
2018-12-11 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : libwpd Vulnerability (NS-SA-2019-0207)
2019-10-15 00:00:00
openSUSE Security Update : libwpd (openSUSE-2019-955)
2019-03-27 00:00:00
ubuntucve
ubuntucve
CVE-2018-19208
2018-11-12 00:00:00
oraclelinux
oraclelinux
libwpd security update
2019-08-13 00:00:00
redhatcve
redhatcve
CVE-2018-19208
2018-11-13 15:19:13
cvelist
cvelist
CVE-2018-19208
2018-11-12 19:00:00
cve
cve
CVE-2018-19208
2018-11-12 19:29:00
debiancve
debiancve
CVE-2018-19208
2018-11-12 19:29:00
mageia
mageia
Updated libwpd packages fix security vulnerability
2018-12-16 00:29:48
prion
prion
Null pointer dereference
2018-11-12 19:29:00
nvd
nvd
CVE-2018-19208
2018-11-12 19:29:00
centos
centos
libwpd security update
2019-08-30 03:33:32
amazon
amazon
Low: libwpd
2019-10-08 21:56:00
redhat
redhat
(RHSA-2019:2126) Low: libwpd security update
2019-08-06 08:03:51
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.7%
Related for SL_20190806_LIBWPD_ON_SL7_X.NASL