Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2017-0940-1.NASL
HistoryApr 06, 2017 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : audiofile (SUSE-SU-2017:0940-1)

2017-04-0600:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.015 Low

EPSS

Percentile

86.8%

JSON

This audiofile update fixes the following issue: Security issues fixed :

  • CVE-2015-7747: Fixed buffer overflow issue when changing both number of channels and sample format. (bsc#949399)

  • CVE-2017-6827: heap-based buffer overflow in MSADPCM::initializeCoefficients (MSADPCM.cpp) (bsc#1026979)

  • CVE-2017-6828: heap-based buffer overflow in readValue (FileHandle.cpp) (bsc#1026980)

  • CVE-2017-6829: global buffer overflow in decodeSample (IMA.cpp) (bsc#1026981)

  • CVE-2017-6830: heap-based buffer overflow in alaw2linear_buf (G711.cpp) (bsc#1026982)

  • CVE-2017-6831: heap-based buffer overflow in IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983)

  • CVE-2017-6832: heap-based buffer overflow in MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984)

  • CVE-2017-6833: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp) (bsc#1026985)

  • CVE-2017-6834: heap-based buffer overflow in ulaw2linear_buf (G711.cpp) (bsc#1026986)

  • CVE-2017-6835: divide-by-zero in BlockCodec::reset1 (BlockCodec.cpp) (bsc#1026988)

  • CVE-2017-6836: heap-based buffer overflow in Expand3To4Module::run (SimpleModule.h) (bsc#1026987)

  • CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple ubsan crashes (bsc#1026978)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:0940-1.
# The text itself is copyright (C) SUSE.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99230);
  script_version("3.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2015-7747", "CVE-2017-6827", "CVE-2017-6828", "CVE-2017-6829", "CVE-2017-6830", "CVE-2017-6831", "CVE-2017-6832", "CVE-2017-6833", "CVE-2017-6834", "CVE-2017-6835", "CVE-2017-6836", "CVE-2017-6837", "CVE-2017-6838", "CVE-2017-6839");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : audiofile (SUSE-SU-2017:0940-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This audiofile update fixes the following issue: Security issues 
fixed :

  - CVE-2015-7747: Fixed buffer overflow issue when changing
    both number of channels and sample format. (bsc#949399)

  - CVE-2017-6827: heap-based buffer overflow in
    MSADPCM::initializeCoefficients (MSADPCM.cpp)
    (bsc#1026979)

  - CVE-2017-6828: heap-based buffer overflow in readValue
    (FileHandle.cpp) (bsc#1026980)

  - CVE-2017-6829: global buffer overflow in decodeSample
    (IMA.cpp) (bsc#1026981)

  - CVE-2017-6830: heap-based buffer overflow in
    alaw2linear_buf (G711.cpp) (bsc#1026982)

  - CVE-2017-6831: heap-based buffer overflow in
    IMA::decodeBlockWAVE (IMA.cpp) (bsc#1026983)

  - CVE-2017-6832: heap-based buffer overflow in
    MSADPCM::decodeBlock (MSADPCM.cpp) (bsc#1026984)

  - CVE-2017-6833: divide-by-zero in BlockCodec::runPull
    (BlockCodec.cpp) (bsc#1026985)

  - CVE-2017-6834: heap-based buffer overflow in
    ulaw2linear_buf (G711.cpp) (bsc#1026986)

  - CVE-2017-6835: divide-by-zero in BlockCodec::reset1
    (BlockCodec.cpp) (bsc#1026988)

  - CVE-2017-6836: heap-based buffer overflow in
    Expand3To4Module::run (SimpleModule.h) (bsc#1026987)

  - CVE-2017-6837, CVE-2017-6838, CVE-2017-6839: multiple
    ubsan crashes (bsc#1026978)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026978"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026979"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026980"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026981"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026982"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026983"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026984"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026985"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026986"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026987"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1026988"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=949399"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2015-7747/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6827/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6828/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6829/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6830/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6831/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6832/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6833/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6834/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6835/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6836/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6837/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6838/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-6839/"
  );
  # https://www.suse.com/support/update/announcement/2017/suse-su-20170940-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?61e352e6"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2017-542=1

SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
patch SUSE-SLE-SDK-12-SP1-2017-542=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
patch SUSE-SLE-RPI-12-SP2-2017-542=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-2017-542=1

SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2017-542=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP2-2017-542=1

SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP1-2017-542=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:audiofile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:audiofile-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:audiofile-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libaudiofile1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libaudiofile1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1/2", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"audiofile-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"audiofile-debuginfo-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"audiofile-debugsource-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libaudiofile1-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libaudiofile1-debuginfo-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libaudiofile1-32bit-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"libaudiofile1-debuginfo-32bit-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"audiofile-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"audiofile-debuginfo-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"audiofile-debugsource-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libaudiofile1-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libaudiofile1-debuginfo-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libaudiofile1-32bit-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libaudiofile1-debuginfo-32bit-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"audiofile-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"audiofile-debuginfo-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"audiofile-debugsource-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libaudiofile1-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libaudiofile1-32bit-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libaudiofile1-debuginfo-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libaudiofile1-debuginfo-32bit-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"audiofile-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"audiofile-debuginfo-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"audiofile-debugsource-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libaudiofile1-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libaudiofile1-32bit-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libaudiofile1-debuginfo-0.3.6-10.1")) flag++;
if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libaudiofile1-debuginfo-32bit-0.3.6-10.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "audiofile");
}
VendorProductVersionCPE
novellsuse_linux12cpe:/o:novell:suse_linux:12
novellsuse_linuxaudiofilep-cpe:/a:novell:suse_linux:audiofile
novellsuse_linuxaudiofile-debuginfop-cpe:/a:novell:suse_linux:audiofile-debuginfo
novellsuse_linuxaudiofile-debugsourcep-cpe:/a:novell:suse_linux:audiofile-debugsource
novellsuse_linuxlibaudiofile1p-cpe:/a:novell:suse_linux:libaudiofile1
novellsuse_linuxlibaudiofile1-debuginfop-cpe:/a:novell:suse_linux:libaudiofile1-debuginfo

References

Related

nessus 16
openvas 11
mageia 2
archlinux 1
osv 15
debian 3
cloudfoundry 1
ubuntu 2
oraclelinux 1
ubuntucve 14
fedora 2
cvelist 14
nvd 14
securityvulns 2
cve 14
prion 14
debiancve 14
redhatcve 14
cbl_mariner 13
veracode 4
nessus
nessus
openSUSE Security Update : audiofile (openSUSE-2017-476)
2017-04-18 00:00:00
RHEL 7 : audiofile (Unpatched Vulnerability)
2024-06-03 00:00:00
SUSE SLES11 Security Update : audiofile (SUSE-SU-2017:1182-1)
2017-05-08 00:00:00
openvas
openvas
Debian Security Advisory DSA 3814-1 (audiofile - security update)
2017-03-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1182-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0940-1)
2021-04-19 00:00:00
mageia
mageia
Updated audiofile packages fix security vulnerabilities
2017-05-06 15:17:05
Updated audiofile packages fixes security vulnerability
2015-10-25 17:38:05
archlinux
archlinux
[ASA-201708-9] audiofile: multiple issues
2017-08-14 00:00:00
osv
osv
audiofile - security update
2017-03-22 00:00:00
audiofile - security update
2017-03-23 00:00:00
CVE-2017-6830
2017-03-20 16:59:02
debian
debian
[SECURITY] [DSA 3814-1] audiofile security update
2017-03-22 20:13:14
[SECURITY] [DLA 867-1] audiofile security update
2017-03-23 21:05:34
[SECURITY] [DSA 3814-1] audiofile security update
2017-03-22 20:13:14
cloudfoundry
cloudfoundry
USN-3241-1: audiofile vulnerabilities | Cloud Foundry
2017-04-04 00:00:00
ubuntu
ubuntu
audiofile vulnerabilities
2017-03-22 00:00:00
audiofile vulnerability
2015-10-28 00:00:00
oraclelinux
oraclelinux
audiofile security update
2020-10-06 00:00:00
ubuntucve
ubuntucve
CVE-2017-6827
2017-03-15 00:00:00
CVE-2017-6837
2017-03-14 00:00:00
CVE-2017-6836
2017-03-14 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: audiofile-0.3.6-9.fc22
2015-12-07 21:23:22
[SECURITY] Fedora 23 Update: audiofile-0.3.6-9.fc23
2015-11-01 03:26:03
cvelist
cvelist
CVE-2015-7747
2020-02-19 20:27:49
CVE-2017-6839
2017-03-20 16:00:00
CVE-2017-6827
2017-03-15 14:00:00
nvd
nvd
CVE-2015-7747
2020-02-19 21:15:11
CVE-2017-6839
2017-03-20 16:59:03
CVE-2017-6837
2017-03-20 16:59:02
securityvulns
securityvulns
[USN-2787-1] audiofile vulnerability
2015-11-02 00:00:00
audiofile memory corruption
2015-11-02 00:00:00
cve
cve
CVE-2015-7747
2020-02-19 21:15:11
CVE-2017-6832
2017-03-20 16:59:02
CVE-2017-6830
2017-03-20 16:59:02
prion
prion
Buffer overflow
2020-02-19 21:15:00
Heap overflow
2017-03-15 14:59:00
Heap overflow
2017-03-20 16:59:00
debiancve
debiancve
CVE-2015-7747
2020-02-19 21:15:11
CVE-2017-6833
2017-03-20 16:59:02
CVE-2017-6839
2017-03-20 16:59:03
redhatcve
redhatcve
CVE-2017-6839
2017-03-16 13:18:15
CVE-2017-6827
2017-03-16 12:49:01
CVE-2017-6830
2017-03-16 12:49:23
cbl_mariner
cbl_mariner
CVE-2017-6839 affecting package audiofile 0.3.6-27
2024-07-04 09:08:38
CVE-2017-6830 affecting package audiofile 0.3.6-27
2024-07-04 09:08:38
CVE-2017-6827 affecting package audiofile 0.3.6-27
2024-07-04 09:08:38
veracode
veracode
Denial Of Service (DoS)
2018-07-24 06:59:53
Denial Of Service (DoS)
2018-07-24 08:48:15
Denial Of Service (DoS)
2018-07-24 08:53:46

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.015 Low

EPSS

Percentile

86.8%

JSON
Related for SUSE_SU-2017-0940-1.NASL
nessus16openvas11mageia2archlinux1osv15debian3cloudfoundry1ubuntu2oraclelinux1ubuntucve14fedora2cvelist14nvd14securityvulns2cve14prion14debiancve14redhatcve14cbl_mariner13veracode4