Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2017-0603-1.NASL
HistoryMar 06, 2017 - 12:00 a.m.

SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0603-1)

2017-03-0600:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
35
JSON

This update for openssh fixes the following issues: Security issues fixed :

  • CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480)

  • CVE-2016-10009: limit directories for loading PKCS11 modules to avoid privilege escalation (bsc#1016366)

  • CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling authentication (bsc#1016369) Non security issues fixed :

  • Properly verify CIDR masks in the AllowUsers and DenyUsers configuration lists (bsc#1005893)

  • fix suggested command for removing conflicting server keys from the known_hosts file (bsc#1006221)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:0603-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(97549);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-10009", "CVE-2016-10011", "CVE-2016-8858");

  script_name(english:"SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0603-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for openssh fixes the following issues: Security issues
fixed :

  - CVE-2016-8858: prevent resource depletion during key
    exchange (bsc#1005480)

  - CVE-2016-10009: limit directories for loading PKCS11
    modules to avoid privilege escalation (bsc#1016366)

  - CVE-2016-10011: Prevent possible leaks of host private
    keys to low-privilege process handling authentication
    (bsc#1016369) Non security issues fixed :

  - Properly verify CIDR masks in the AllowUsers and
    DenyUsers configuration lists (bsc#1005893)

  - fix suggested command for removing conflicting server
    keys from the known_hosts file (bsc#1006221)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005480"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1005893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1006221"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1016366"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1016369"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10009/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-10011/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2016-8858/"
  );
  # https://www.suse.com/support/update/announcement/2017/suse-su-20170603-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9e11187d"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-openssh-13002=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-openssh-13002=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh-fips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openssh-helpers");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/03/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"4", reference:"openssh-6.6p1-35.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"openssh-askpass-gnome-6.6p1-35.4")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"openssh-fips-6.6p1-35.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"openssh-helpers-6.6p1-35.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh");
}
VendorProductVersionCPE
novellsuse_linuxopensshp-cpe:/a:novell:suse_linux:openssh
novellsuse_linuxopenssh-askpass-gnomep-cpe:/a:novell:suse_linux:openssh-askpass-gnome
novellsuse_linuxopenssh-fipsp-cpe:/a:novell:suse_linux:openssh-fips
novellsuse_linuxopenssh-helpersp-cpe:/a:novell:suse_linux:openssh-helpers
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

nessus 92
aix 1
openvas 10
fedora 1
slackware 1
ibm 24
archlinux 1
symantec 2
redhatcve 3
ubuntucve 4
freebsd 3
prion 4
f5 4
freebsd_advisory 2
checkpoint_advisories 1
debiancve 4
cve 4
osv 4
oraclelinux 1
ubuntu 1
seebug 2
alpinelinux 3
myhack58 1
cloudlinux 1
cloudfoundry 1
amazon 3
packetstorm 2
zdt 1
centos 1
redhat 1
photon 1
broadcom 1
veracode 1
altlinux 3
debian 1
gentoo 1
rosalinux 1
cisa 1
ics 2
apple 2
nessus
nessus
SUSE SLED12 Security Update : openssh (SUSE-SU-2017:0607-2)
2017-03-10 00:00:00
SUSE SLES11 Security Update : openssh (SUSE-SU-2017:0606-1)
2017-03-07 00:00:00
SUSE SLES12 Security Update : openssh (SUSE-SU-2017:0607-3)
2017-03-10 00:00:00
aix
aix
Vulnerabilities in OpenSSH affect AIX.
2017-02-05 23:36:10
openvas
openvas
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1054)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2017-1055)
2020-01-23 00:00:00
Fedora Update for openssh FEDORA-2017-4767e2991d
2017-01-10 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: openssh-7.4p1-1.fc25
2017-01-06 20:25:39
slackware
slackware
[slackware-security] openssh
2016-12-24 01:35:34
ibm
ibm
Security Bulletin: Multiple vulnerabilities in openssh affect IBM Flex System Manager (FSM)
2018-06-18 01:39:52
Security Bulletin: Vulnerabilities in OpenSSH affect IBM Chassis Management Module (CMM)
2019-01-31 02:40:01
Security Bulletin: IBM Security Network Protection is affected by vulnerabilities in OpenSSH (CVE-2016-6210 CVE-2016-6515 CVE-2016-10009 CVE-2016-10011)
2018-06-16 22:03:39
archlinux
archlinux
[ASA-201612-20] openssh: multiple issues
2016-12-22 00:00:00
symantec
symantec
SA144 : OpenSSH Vulnerabilities January 2017
2017-03-02 08:00:00
SA136 : OpenSSH Vulnerabilities
2016-12-13 08:00:00
redhatcve
redhatcve
CVE-2016-8858
2016-10-20 07:47:22
CVE-2016-10011
2016-12-20 08:47:24
CVE-2016-10009
2016-12-20 07:47:25
ubuntucve
ubuntucve
CVE-2016-8858
2016-12-09 00:00:00
CVE-2016-10011
2017-01-04 00:00:00
CVE-2016-10009
2017-01-04 00:00:00
freebsd
freebsd
FreeBSD -- OpenSSH Remote Denial of Service vulnerability
2016-10-19 00:00:00
FreeBSD -- OpenSSH multiple vulnerabilities
2017-01-11 00:00:00
openssh -- multiple vulnerabilities
2016-12-25 00:00:00
prion
prion
Design/Logic Flaw
2017-01-05 02:59:00
Design/Logic Flaw
2016-12-09 11:59:00
Design/Logic Flaw
2017-01-05 02:59:00
f5
f5
K57304814 : OpenSSH vulnerability CVE-2016-8858
2017-01-19 00:00:00
K24324390 : OpenSSH vulnerability CVE-2016-10011
2017-01-27 00:00:00
K31440025 : OpenSSH vulnerability CVE-2016-10009
2017-01-24 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:33.openssh
2016-11-02 00:00:00
FreeBSD-SA-17:01.openssh
2017-01-11 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSH kex_input_kexinit Denial of Service (CVE-2016-8858)
2017-04-23 00:00:00
debiancve
debiancve
CVE-2016-8858
2016-12-09 11:59:00
CVE-2016-10011
2017-01-05 02:59:00
CVE-2016-10009
2017-01-05 02:59:00
cve
cve
CVE-2016-8858
2016-12-09 11:59:00
CVE-2016-10011
2017-01-05 02:59:00
CVE-2016-10009
2017-01-05 02:59:00
osv
osv
CVE-2016-10011
2017-01-05 02:59:03
CVE-2016-10009
2017-01-05 02:59:03
CVE-2023-38408
2023-07-20 03:15:10
oraclelinux
oraclelinux
openssh security, bug fix, and enhancement update
2017-08-07 00:00:00
ubuntu
ubuntu
OpenSSH vulnerabilities
2018-01-22 00:00:00
seebug
seebug
OpenSSH information leak Vulnerability, CVE-2016-10011)
2016-12-21 00:00:00
OpenSSH remote code execution vulnerability, CVE-2016-10009)
2016-12-21 00:00:00
alpinelinux
alpinelinux
CVE-2016-10011
2017-01-05 02:59:00
CVE-2016-10009
2017-01-05 02:59:00
CVE-2023-38408
2023-07-20 03:15:10
myhack58
myhack58
OpenSSH is now in the risk of vulnerabilities can cause remote code execution-vulnerability warning-the black bar safety net
2016-12-21 00:00:00
cloudlinux
cloudlinux
Fixed CVE-2016-10009 in openssh-5.3p1
2022-07-04 19:13:43
cloudfoundry
cloudfoundry
USN-3538-1: OpenSSH vulnerabilities | Cloud Foundry
2018-02-01 00:00:00
amazon
amazon
Medium: openssh
2017-10-03 11:00:00
Important: openssh
2023-08-17 11:39:00
Important: openssh
2023-08-03 18:09:00
packetstorm
packetstorm
OpenSSH Arbitrary Library Loading
2016-12-23 00:00:00
OpenSSH Forwarded SSH-Agent Remote Code Execution
2023-07-20 00:00:00
zdt
zdt
OpenSSH 7.4 - agent Protocol Arbitrary Library Loading Vulnerability
2016-12-23 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2017-08-24 01:40:16
redhat
redhat
(RHSA-2017:2029) Moderate: openssh security, bug fix, and enhancement update
2017-08-01 05:57:17
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2016-0014
2016-12-15 00:00:00
broadcom
broadcom
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution (CVE-2023-38408)
2023-11-07 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2023-07-20 11:22:49
altlinux
altlinux
Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.3
2016-10-20 00:00:00
Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.3
2016-10-20 00:00:00
Security fix for the ALT Linux 8 package openssh version 7.2p2-alt2
2016-10-21 00:00:00
debian
debian
[SECURITY] [DLA 1500-1] openssh security update
2018-09-10 08:44:17
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2016-12-07 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1938
2021-07-02 17:38:20
cisa
cisa
Juniper Networks Releases Security Updates
2018-01-11 00:00:00
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-19 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
apple
apple
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite - Apple Support
2017-08-29 02:52:03
About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
2017-03-27 00:00:00
JSON
Related for SUSE_SU-2017-0603-1.NASL
nessus92aix1openvas10fedora1slackware1ibm24archlinux1symantec2redhatcve3ubuntucve4freebsd3prion4f54freebsd_advisory2checkpoint_advisories1debiancve4cve4osv4oraclelinux1ubuntu1seebug2alpinelinux3myhack581cloudlinux1cloudfoundry1amazon3packetstorm2zdt1centos1redhat1photon1broadcom1veracode1altlinux3debian1gentoo1rosalinux1cisa1ics2apple2