ID SUSE_SU-2017-3183-1.NASL Type nessus Reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-11-02T00:00:00
Description
This update for ncurses fixes the following issues: Security issues
fixed :
CVE-2017-13728: Fix infinite loop in the next_char
function in comp_scan.c (bsc#1056136).
CVE-2017-13729: Fix illegal address access in the
_nc_save_str (bsc#1056132).
CVE-2017-13730: Fix illegal address access in the
function _nc_read_entry_source() (bsc#1056131).
CVE-2017-13731: Fix illegal address access in the
function postprocess_termcap() (bsc#1056129).
CVE-2017-13732: Fix illegal address access in the
function dump_uses() (bsc#1056128).
CVE-2017-13733: Fix illegal address access in the
fmt_entry function (bsc#1056127).
CVE-2017-16879: Fix stack-based buffer overflow in the
_nc_write_entry() function (bsc#1069530).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:3183-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
script_id(104993);
script_version("3.8");
script_cvs_date("Date: 2019/09/11 11:22:16");
script_cve_id("CVE-2017-13728", "CVE-2017-13729", "CVE-2017-13730", "CVE-2017-13731", "CVE-2017-13732", "CVE-2017-13733", "CVE-2017-16879");
script_name(english:"SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for ncurses fixes the following issues: Security issues
fixed :
- CVE-2017-13728: Fix infinite loop in the next_char
function in comp_scan.c (bsc#1056136).
- CVE-2017-13729: Fix illegal address access in the
_nc_save_str (bsc#1056132).
- CVE-2017-13730: Fix illegal address access in the
function _nc_read_entry_source() (bsc#1056131).
- CVE-2017-13731: Fix illegal address access in the
function postprocess_termcap() (bsc#1056129).
- CVE-2017-13732: Fix illegal address access in the
function dump_uses() (bsc#1056128).
- CVE-2017-13733: Fix illegal address access in the
fmt_entry function (bsc#1056127).
- CVE-2017-16879: Fix stack-based buffer overflow in the
_nc_write_entry() function (bsc#1069530).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1056127"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1056128"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1056129"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1056131"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1056132"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1056136"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1069530"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-13728/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-13729/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-13730/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-13731/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-13732/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-13733/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-16879/"
);
# https://www.suse.com/support/update/announcement/2017/suse-su-20173183-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b6a0084b"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-ncurses-13364=1
SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-ncurses-13364=1
SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-ncurses-13364=1
To bring your system up-to-date, use 'zypper patch'."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libncurses5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libncurses6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ncurses-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ncurses-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:tack");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:terminfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:terminfo-base");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/29");
script_set_attribute(attribute:"patch_publication_date", value:"2017/12/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/04");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libncurses5-32bit-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"libncurses6-32bit-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"ncurses-devel-32bit-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libncurses5-32bit-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"libncurses6-32bit-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"ncurses-devel-32bit-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libncurses5-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"libncurses6-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"ncurses-devel-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"ncurses-utils-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"tack-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"terminfo-5.6-93.12.1")) flag++;
if (rpm_check(release:"SLES11", sp:"4", reference:"terminfo-base-5.6-93.12.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ncurses");
}
{"id": "SUSE_SU-2017-3183-1.NASL", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)", "description": "This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2017-12-04T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/104993", "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?b6a0084b", "https://www.suse.com/security/cve/CVE-2017-13729/", "https://www.suse.com/security/cve/CVE-2017-13732/", "https://bugzilla.suse.com/show_bug.cgi?id=1069530", "https://bugzilla.suse.com/show_bug.cgi?id=1056128", "https://bugzilla.suse.com/show_bug.cgi?id=1056131", "https://www.suse.com/security/cve/CVE-2017-13733/", "https://www.suse.com/security/cve/CVE-2017-13728/", "https://www.suse.com/security/cve/CVE-2017-13730/", "https://www.suse.com/security/cve/CVE-2017-13731/", "https://www.suse.com/security/cve/CVE-2017-16879/", "https://bugzilla.suse.com/show_bug.cgi?id=1056129", "https://bugzilla.suse.com/show_bug.cgi?id=1056136", "https://bugzilla.suse.com/show_bug.cgi?id=1056127", "https://bugzilla.suse.com/show_bug.cgi?id=1056132"], "cvelist": ["CVE-2017-13730", "CVE-2017-13733", "CVE-2017-13732", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-16879", "CVE-2017-13731"], "type": "nessus", "lastseen": "2019-11-03T12:19:31", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:ncurses-utils", "p-cpe:/a:novell:suse_linux:tack", "p-cpe:/a:novell:suse_linux:libncurses6", "p-cpe:/a:novell:suse_linux:terminfo-base", "p-cpe:/a:novell:suse_linux:terminfo", "p-cpe:/a:novell:suse_linux:ncurses-devel", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libncurses5"], "cvelist": ["CVE-2017-13730", "CVE-2017-13733", "CVE-2017-13732", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-16879", "CVE-2017-13731"], "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "description": "This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "enchantments": {"dependencies": {"modified": "2019-10-28T21:23:29", "references": [{"idList": ["SUSE_SU-2018-0178-1.NASL", "PHOTONOS_PHSA-2017-0053.NASL", "GENTOO_GLSA-201804-13.NASL", "OPENSUSE-2018-55.NASL", "PHOTONOS_PHSA-2017-0053_NCURSES.NASL", "EULEROS_SA-2018-1006.NASL", "EULEROS_SA-2018-1005.NASL", "SUSE_SU-2018-0120-1.NASL", "FREEBSD_PKG_B84DBD94E8944C91B8CDD328537B1B2B.NASL", "SUSE_SU-2018-0284-1.NASL"], "type": "nessus"}, {"idList": ["CVE-2017-13730", "CVE-2017-13733", "CVE-2017-13732", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-16879", "CVE-2017-13731"], "type": "cve"}, {"idList": ["GLSA-201804-13"], "type": "gentoo"}, {"idList": ["B84DBD94-E894-4C91-B8CD-D328537B1B2B"], "type": "freebsd"}, {"idList": ["SUSE-SU-2017:3183-1"], "type": "suse"}]}, "score": {"modified": "2019-10-28T21:23:29", "value": 5.0, "vector": "NONE"}}, "hash": "5fecca9a8b9a529eafecc96097e4f67f921725d0a7f546d21d64f736d236dd9b", "hashmap": [{"hash": "40c339f9be346647308f3c2508e2a635", "key": "sourceData"}, {"hash": "0b08908cd8877bcae2c7f2dfc9a0c758", "key": "cpe"}, {"hash": "620891cd14812f42c5bba5013cd181c6", "key": "href"}, {"hash": "242645d9d5e13438e87b93ab155d704d", "key": "reporter"}, {"hash": "070955f9804d44994b44158239f83feb", "key": "pluginID"}, {"hash": "6983045328b54bf9aaa12ce1da7664ad", "key": "title"}, {"hash": "8e7110891c438c2b199ea7c382786064", "key": "description"}, {"hash": "4cac367be6dd8242802053610be9dee6", "key": "cvss"}, {"hash": "2618dd710beb50cf1ad0f06178664609", "key": "cvelist"}, {"hash": "40f5113e2c334d578534ac9171d3ab5b", "key": "references"}, {"hash": "80582f9196482d182fd4cd47f0c2c2cf", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/104993", "id": "SUSE_SU-2017-3183-1.NASL", "lastseen": "2019-10-28T21:23:29", "modified": "2019-10-02T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "104993", "published": "2017-12-04T00:00:00", "references": ["http://www.nessus.org/u?b6a0084b", "https://www.suse.com/security/cve/CVE-2017-13729/", "https://www.suse.com/security/cve/CVE-2017-13732/", "https://bugzilla.suse.com/show_bug.cgi?id=1069530", "https://bugzilla.suse.com/show_bug.cgi?id=1056128", "https://bugzilla.suse.com/show_bug.cgi?id=1056131", "https://www.suse.com/security/cve/CVE-2017-13733/", "https://www.suse.com/security/cve/CVE-2017-13728/", "https://www.suse.com/security/cve/CVE-2017-13730/", "https://www.suse.com/security/cve/CVE-2017-13731/", "https://www.suse.com/security/cve/CVE-2017-16879/", "https://bugzilla.suse.com/show_bug.cgi?id=1056129", "https://bugzilla.suse.com/show_bug.cgi?id=1056136", "https://bugzilla.suse.com/show_bug.cgi?id=1056127", "https://bugzilla.suse.com/show_bug.cgi?id=1056132"], "reporter": "This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104993);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/11 11:22:16\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\", \"CVE-2017-16879\");\n\n script_name(english:\"SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16879/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173183-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6a0084b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ncurses-13364=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ncurses-13364=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ncurses-13364=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses5-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses6-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-devel-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-utils-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tack-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-base-5.6-93.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "title": "SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)", "type": "nessus", "viewCount": 28}, "differentElements": ["modified"], "edition": 13, "lastseen": "2019-10-28T21:23:29"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:ncurses-utils", "p-cpe:/a:novell:suse_linux:tack", "p-cpe:/a:novell:suse_linux:libncurses6", "p-cpe:/a:novell:suse_linux:terminfo-base", "p-cpe:/a:novell:suse_linux:terminfo", "p-cpe:/a:novell:suse_linux:ncurses-devel", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libncurses5"], "cvelist": ["CVE-2017-13730", "CVE-2017-13733", "CVE-2017-13732", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-16879", "CVE-2017-13731"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update for ncurses fixes the following issues: Security issues fixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 12, "enchantments": {"dependencies": {"modified": "2019-02-21T01:34:10", "references": [{"idList": ["CVE-2017-13730", "CVE-2017-13733", "CVE-2017-13732", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-16879", "CVE-2017-13731"], "type": "cve"}, {"idList": ["GLSA-201804-13"], "type": "gentoo"}, {"idList": ["B84DBD94-E894-4C91-B8CD-D328537B1B2B"], "type": "freebsd"}, {"idList": ["SUSE-SU-2017:3183-1"], "type": "suse"}, {"idList": ["SUSE_SU-2018-0178-1.NASL", "GENTOO_GLSA-201804-13.NASL", "OPENSUSE-2018-55.NASL", "PHOTONOS_PHSA-2017-1_0-0093_NCURSES.NASL", "PHOTONOS_PHSA-2017-0053_NCURSES.NASL", "EULEROS_SA-2018-1006.NASL", "EULEROS_SA-2018-1005.NASL", "SUSE_SU-2018-0120-1.NASL", "FREEBSD_PKG_B84DBD94E8944C91B8CDD328537B1B2B.NASL", "SUSE_SU-2018-0284-1.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-02-21T01:34:10", "value": 4.9, "vector": "NONE"}}, "hash": "bbbf21825021b085bb7b67b0432261350c671567ae3aa355fc6014acd41366f7", "hashmap": [{"hash": "0b08908cd8877bcae2c7f2dfc9a0c758", "key": "cpe"}, {"hash": "d1bd333fc82e8023b4cfe2bd1bfd6f99", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f599a7b645c2e9ec39c6f42dccd4188", "key": "modified"}, {"hash": "070955f9804d44994b44158239f83feb", "key": "pluginID"}, {"hash": "6983045328b54bf9aaa12ce1da7664ad", "key": "title"}, {"hash": "2618dd710beb50cf1ad0f06178664609", "key": "cvelist"}, {"hash": "40f5113e2c334d578534ac9171d3ab5b", "key": "references"}, {"hash": "80582f9196482d182fd4cd47f0c2c2cf", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "805945576115193138b2ab1e3d5ccc6b", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "5cfb940da879907f3f37d35388c9b47f", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104993", "id": "SUSE_SU-2017-3183-1.NASL", "lastseen": "2019-02-21T01:34:10", "modified": "2018-11-30T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "104993", "published": "2017-12-04T00:00:00", "references": ["http://www.nessus.org/u?b6a0084b", "https://www.suse.com/security/cve/CVE-2017-13729/", "https://www.suse.com/security/cve/CVE-2017-13732/", "https://bugzilla.suse.com/show_bug.cgi?id=1069530", "https://bugzilla.suse.com/show_bug.cgi?id=1056128", "https://bugzilla.suse.com/show_bug.cgi?id=1056131", "https://www.suse.com/security/cve/CVE-2017-13733/", "https://www.suse.com/security/cve/CVE-2017-13728/", "https://www.suse.com/security/cve/CVE-2017-13730/", "https://www.suse.com/security/cve/CVE-2017-13731/", "https://www.suse.com/security/cve/CVE-2017-16879/", "https://bugzilla.suse.com/show_bug.cgi?id=1056129", "https://bugzilla.suse.com/show_bug.cgi?id=1056136", "https://bugzilla.suse.com/show_bug.cgi?id=1056127", "https://bugzilla.suse.com/show_bug.cgi?id=1056132"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104993);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/11/30 10:54:51\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\", \"CVE-2017-16879\");\n\n script_name(english:\"SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16879/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173183-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6a0084b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ncurses-13364=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ncurses-13364=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ncurses-13364=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses5-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses6-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-devel-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-utils-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tack-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-base-5.6-93.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "title": "SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)", "type": "nessus", "viewCount": 28}, "differentElements": ["cvss", "description", "reporter", "modified", "sourceData", "href"], "edition": 12, "lastseen": "2019-02-21T01:34:10"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:ncurses-utils", "p-cpe:/a:novell:suse_linux:tack", "p-cpe:/a:novell:suse_linux:libncurses6", "p-cpe:/a:novell:suse_linux:terminfo-base", "p-cpe:/a:novell:suse_linux:terminfo", "p-cpe:/a:novell:suse_linux:ncurses-devel", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libncurses5"], "cvelist": ["CVE-2017-13730", "CVE-2017-13733", "CVE-2017-13732", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-16879", "CVE-2017-13731"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update for ncurses fixes the following issues: Security issues fixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "b50c0521b04afda6fb3d1c837b78092b09e638c8ac9efb522c503233bd40d945", "hashmap": [{"hash": "0b08908cd8877bcae2c7f2dfc9a0c758", "key": "cpe"}, {"hash": "d1bd333fc82e8023b4cfe2bd1bfd6f99", "key": "href"}, {"hash": "4aa58edb34f602274ca6991a8056c136", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "070955f9804d44994b44158239f83feb", "key": "pluginID"}, {"hash": "6983045328b54bf9aaa12ce1da7664ad", "key": "title"}, {"hash": "2618dd710beb50cf1ad0f06178664609", "key": "cvelist"}, {"hash": "7bd5ca7d18ed6d50fdedb65db3504019", "key": "sourceData"}, {"hash": "80582f9196482d182fd4cd47f0c2c2cf", "key": "published"}, {"hash": "153b31c938e37f27cdc2481faa33396e", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "5cfb940da879907f3f37d35388c9b47f", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104993", "id": "SUSE_SU-2017-3183-1.NASL", "lastseen": "2018-08-02T08:18:33", "modified": "2018-08-01T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "104993", "published": "2017-12-04T00:00:00", "references": ["https://bugzilla.suse.com/1056131", "https://www.suse.com/security/cve/CVE-2017-13731.html", "https://bugzilla.suse.com/1056132", "https://www.suse.com/security/cve/CVE-2017-16879.html", "https://www.suse.com/security/cve/CVE-2017-13732.html", "https://www.suse.com/security/cve/CVE-2017-13730.html", "https://www.suse.com/security/cve/CVE-2017-13728.html", "https://bugzilla.suse.com/1056128", "https://bugzilla.suse.com/1056136", "https://www.suse.com/security/cve/CVE-2017-13733.html", "https://bugzilla.suse.com/1056127", "https://bugzilla.suse.com/1069530", "https://bugzilla.suse.com/1056129", "https://www.suse.com/security/cve/CVE-2017-13729.html", "http://www.nessus.org/u?5e279187"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104993);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2018/08/01 17:36:13\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\", \"CVE-2017-16879\");\n\n script_name(english:\"SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1069530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13728.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13729.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13730.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13731.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13732.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13733.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16879.html\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173183-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e279187\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ncurses-13364=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ncurses-13364=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ncurses-13364=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses5-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses6-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-devel-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-utils-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tack-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-base-5.6-93.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "title": "SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)", "type": "nessus", "viewCount": 28}, "differentElements": ["modified", "sourceData"], "edition": 5, "lastseen": "2018-08-02T08:18:33"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:ncurses-utils", "p-cpe:/a:novell:suse_linux:tack", "p-cpe:/a:novell:suse_linux:libncurses6", "p-cpe:/a:novell:suse_linux:terminfo-base", "p-cpe:/a:novell:suse_linux:terminfo", "p-cpe:/a:novell:suse_linux:ncurses-devel", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libncurses5"], "cvelist": ["CVE-2017-13730", "CVE-2017-13733", "CVE-2017-13732", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-16879", "CVE-2017-13731"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update for ncurses fixes the following issues: Security issues fixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "ecd5ac0aa67554985a3849fd03207936ce16dca3b4af6d824576d90719c2882c", "hashmap": [{"hash": "bccca7577f3a91f236cebc62f5d55f0a", "key": "sourceData"}, {"hash": "0b08908cd8877bcae2c7f2dfc9a0c758", "key": "cpe"}, {"hash": "d1bd333fc82e8023b4cfe2bd1bfd6f99", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "070955f9804d44994b44158239f83feb", "key": "pluginID"}, {"hash": "6983045328b54bf9aaa12ce1da7664ad", "key": "title"}, {"hash": "21d85ac356942e38bedd62956a962b5a", "key": "modified"}, {"hash": "2618dd710beb50cf1ad0f06178664609", "key": "cvelist"}, {"hash": "80582f9196482d182fd4cd47f0c2c2cf", "key": "published"}, {"hash": "153b31c938e37f27cdc2481faa33396e", "key": "references"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "5cfb940da879907f3f37d35388c9b47f", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104993", "id": "SUSE_SU-2017-3183-1.NASL", "lastseen": "2018-08-05T12:12:21", "modified": "2018-08-02T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "104993", "published": "2017-12-04T00:00:00", "references": ["https://bugzilla.suse.com/1056131", "https://www.suse.com/security/cve/CVE-2017-13731.html", "https://bugzilla.suse.com/1056132", "https://www.suse.com/security/cve/CVE-2017-16879.html", "https://www.suse.com/security/cve/CVE-2017-13732.html", "https://www.suse.com/security/cve/CVE-2017-13730.html", "https://www.suse.com/security/cve/CVE-2017-13728.html", "https://bugzilla.suse.com/1056128", "https://bugzilla.suse.com/1056136", "https://www.suse.com/security/cve/CVE-2017-13733.html", "https://bugzilla.suse.com/1056127", "https://bugzilla.suse.com/1069530", "https://bugzilla.suse.com/1056129", "https://www.suse.com/security/cve/CVE-2017-13729.html", "http://www.nessus.org/u?5e279187"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104993);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/08/02 16:41:59\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\", \"CVE-2017-16879\");\n\n script_name(english:\"SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1056136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1069530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13728.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13729.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13730.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13731.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13732.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13733.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16879.html\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173183-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e279187\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ncurses-13364=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ncurses-13364=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ncurses-13364=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses5-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses6-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-devel-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-utils-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tack-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-base-5.6-93.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "title": "SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)", "type": "nessus", "viewCount": 28}, "differentElements": ["cvss"], "edition": 6, "lastseen": "2018-08-05T12:12:21"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:suse_linux:ncurses-utils", "p-cpe:/a:novell:suse_linux:tack", "p-cpe:/a:novell:suse_linux:libncurses6", "p-cpe:/a:novell:suse_linux:terminfo-base", "p-cpe:/a:novell:suse_linux:terminfo", "p-cpe:/a:novell:suse_linux:ncurses-devel", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libncurses5"], "cvelist": ["CVE-2017-13730", "CVE-2017-13733", "CVE-2017-13732", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-16879", "CVE-2017-13731"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "enchantments": {"dependencies": {"modified": "2019-01-16T20:30:06", "references": [{"idList": ["CVE-2017-13730", "CVE-2017-13733", "CVE-2017-13732", "CVE-2017-13728", "CVE-2017-13729", "CVE-2017-16879", "CVE-2017-13731"], "type": "cve"}, {"idList": ["GLSA-201804-13"], "type": "gentoo"}, {"idList": ["B84DBD94-E894-4C91-B8CD-D328537B1B2B"], "type": "freebsd"}, {"idList": ["SUSE-SU-2017:3183-1"], "type": "suse"}, {"idList": ["SUSE_SU-2018-0178-1.NASL", "GENTOO_GLSA-201804-13.NASL", "OPENSUSE-2018-55.NASL", "PHOTONOS_PHSA-2017-1_0-0093_NCURSES.NASL", "PHOTONOS_PHSA-2017-0053_NCURSES.NASL", "EULEROS_SA-2018-1006.NASL", "EULEROS_SA-2018-1005.NASL", "SUSE_SU-2018-0120-1.NASL", "FREEBSD_PKG_B84DBD94E8944C91B8CDD328537B1B2B.NASL", "SUSE_SU-2018-0284-1.NASL"], "type": "nessus"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "0cbe2820d43f51cc4d2504d0d90b6ae58b22380948028fd2134b01b87c78d162", "hashmap": [{"hash": "0b08908cd8877bcae2c7f2dfc9a0c758", "key": "cpe"}, {"hash": "d1bd333fc82e8023b4cfe2bd1bfd6f99", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "8f599a7b645c2e9ec39c6f42dccd4188", "key": "modified"}, {"hash": "070955f9804d44994b44158239f83feb", "key": "pluginID"}, {"hash": "6983045328b54bf9aaa12ce1da7664ad", "key": "title"}, {"hash": "8e7110891c438c2b199ea7c382786064", "key": "description"}, {"hash": "2618dd710beb50cf1ad0f06178664609", "key": "cvelist"}, {"hash": "40f5113e2c334d578534ac9171d3ab5b", "key": "references"}, {"hash": "80582f9196482d182fd4cd47f0c2c2cf", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "805945576115193138b2ab1e3d5ccc6b", "key": "sourceData"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=104993", "id": "SUSE_SU-2017-3183-1.NASL", "lastseen": "2019-01-16T20:30:06", "modified": "2018-11-30T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "104993", "published": "2017-12-04T00:00:00", "references": ["http://www.nessus.org/u?b6a0084b", "https://www.suse.com/security/cve/CVE-2017-13729/", "https://www.suse.com/security/cve/CVE-2017-13732/", "https://bugzilla.suse.com/show_bug.cgi?id=1069530", "https://bugzilla.suse.com/show_bug.cgi?id=1056128", "https://bugzilla.suse.com/show_bug.cgi?id=1056131", "https://www.suse.com/security/cve/CVE-2017-13733/", "https://www.suse.com/security/cve/CVE-2017-13728/", "https://www.suse.com/security/cve/CVE-2017-13730/", "https://www.suse.com/security/cve/CVE-2017-13731/", "https://www.suse.com/security/cve/CVE-2017-16879/", "https://bugzilla.suse.com/show_bug.cgi?id=1056129", "https://bugzilla.suse.com/show_bug.cgi?id=1056136", "https://bugzilla.suse.com/show_bug.cgi?id=1056127", "https://bugzilla.suse.com/show_bug.cgi?id=1056132"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104993);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2018/11/30 10:54:51\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\", \"CVE-2017-16879\");\n\n script_name(english:\"SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16879/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173183-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6a0084b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ncurses-13364=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ncurses-13364=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ncurses-13364=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses5-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses6-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-devel-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-utils-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tack-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-base-5.6-93.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "title": "SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)", "type": "nessus", "viewCount": 28}, "differentElements": ["description"], "edition": 11, "lastseen": "2019-01-16T20:30:06"}], "edition": 14, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "0b08908cd8877bcae2c7f2dfc9a0c758"}, {"key": "cvelist", "hash": "2618dd710beb50cf1ad0f06178664609"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "description", "hash": "8e7110891c438c2b199ea7c382786064"}, {"key": "href", "hash": "620891cd14812f42c5bba5013cd181c6"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "070955f9804d44994b44158239f83feb"}, {"key": "published", "hash": "80582f9196482d182fd4cd47f0c2c2cf"}, {"key": "references", "hash": "40f5113e2c334d578534ac9171d3ab5b"}, {"key": "reporter", "hash": "242645d9d5e13438e87b93ab155d704d"}, {"key": "sourceData", "hash": "40c339f9be346647308f3c2508e2a635"}, {"key": "title", "hash": "6983045328b54bf9aaa12ce1da7664ad"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "92f376c47347827ed55b89e79e101e341e94ca469583f7c5bf76276be2c65fc7", "viewCount": 28, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["SUSE-SU-2017:3183-1"]}, {"type": "nessus", "idList": ["OPENSUSE-2018-55.NASL", "SUSE_SU-2018-0120-1.NASL", "FREEBSD_PKG_B84DBD94E8944C91B8CDD328537B1B2B.NASL", "SUSE_SU-2018-0284-1.NASL", "GENTOO_GLSA-201804-13.NASL", "EULEROS_SA-2018-1005.NASL", "SUSE_SU-2018-0178-1.NASL", "EULEROS_SA-2018-1006.NASL", "PHOTONOS_PHSA-2017-0053_NCURSES.NASL", "PHOTONOS_PHSA-2017-0053.NASL"]}, {"type": "freebsd", "idList": ["B84DBD94-E894-4C91-B8CD-D328537B1B2B"]}, {"type": "cve", "idList": ["CVE-2017-13733", "CVE-2017-13730", "CVE-2017-13732", "CVE-2017-13731", "CVE-2017-13729", "CVE-2017-13728", "CVE-2017-16879"]}, {"type": "gentoo", "idList": ["GLSA-201804-13"]}], "modified": "2019-11-03T12:19:31"}, "score": {"value": 5.0, "vector": "NONE", "modified": "2019-11-03T12:19:31"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:3183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104993);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/11 11:22:16\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\", \"CVE-2017-16879\");\n\n script_name(english:\"SUSE SLES11 Security Update : ncurses (SUSE-SU-2017:3183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-16879: Fix stack-based buffer overflow in the\n _nc_write_entry() function (bsc#1069530).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16879/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20173183-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6a0084b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ncurses-13364=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ncurses-13364=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ncurses-13364=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses5-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses6-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"ncurses-devel-32bit-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses5-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses6-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-devel-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-utils-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tack-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-5.6-93.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-base-5.6-93.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "104993", "cpe": ["p-cpe:/a:novell:suse_linux:ncurses-utils", "p-cpe:/a:novell:suse_linux:tack", "p-cpe:/a:novell:suse_linux:libncurses6", "p-cpe:/a:novell:suse_linux:terminfo-base", "p-cpe:/a:novell:suse_linux:terminfo", "p-cpe:/a:novell:suse_linux:ncurses-devel", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:libncurses5"], "scheme": null}
{"nessus": [{"lastseen": "2019-11-01T03:04:34", "bulletinFamily": "scanner", "description": "This update for ncurses fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2018-55.NASL", "href": "https://www.tenable.com/plugins/nessus/106218", "published": "2018-01-22T00:00:00", "title": "openSUSE Security Update : ncurses (openSUSE-2018-55)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-55.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106218);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/01/26 17:50:29 $\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\");\n\n script_name(english:\"openSUSE Security Update : ncurses (openSUSE-2018-55)\");\n script_summary(english:\"Check for the openSUSE-2018-55 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056136\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ncurses packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libncurses5-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libncurses5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libncurses5-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libncurses6-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libncurses6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libncurses6-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ncurses-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ncurses-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ncurses-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ncurses-devel-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ncurses-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:tack-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libncurses5-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libncurses5-debuginfo-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libncurses6-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libncurses6-debuginfo-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ncurses-debugsource-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ncurses-devel-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ncurses-devel-debuginfo-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ncurses-utils-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ncurses-utils-debuginfo-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tack-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"tack-debuginfo-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"terminfo-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"terminfo-base-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-32bit-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-32bit-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"ncurses-devel-debuginfo-32bit-5.9-55.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libncurses5-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libncurses5-debuginfo-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libncurses6-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"libncurses6-debuginfo-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ncurses-debugsource-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ncurses-devel-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ncurses-devel-debuginfo-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ncurses-utils-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"ncurses-utils-debuginfo-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tack-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"tack-debuginfo-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"terminfo-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"terminfo-base-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-32bit-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-32bit-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.9-62.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"ncurses-devel-debuginfo-32bit-5.9-62.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libncurses5-32bit / libncurses5 / libncurses5-debuginfo-32bit / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:20:10", "bulletinFamily": "scanner", "description": "This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2018-0120-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106131", "published": "2018-01-18T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:0120-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0120-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106131);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:0120-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues: Security issues\nfixed :\n\n - CVE-2017-13728: Fix infinite loop in the next_char\n function in comp_scan.c (bsc#1056136).\n\n - CVE-2017-13730: Fix illegal address access in the\n function _nc_read_entry_source() (bsc#1056131).\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\n - CVE-2017-13729: Fix illegal address access in the\n _nc_save_str (bsc#1056132).\n\n - CVE-2017-13732: Fix illegal address access in the\n function dump_uses() (bsc#1056128).\n\n - CVE-2017-13731: Fix illegal address access in the\n function postprocess_termcap() (bsc#1056129).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13733/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180120-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10052166\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-86=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-86=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-86=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-86=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-86=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-86=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-86=1\n\nSUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-86=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-86=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses5-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses5-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses6-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses6-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-debugsource-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-devel-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-devel-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-utils-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-utils-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tack-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tack-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"terminfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"terminfo-base-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses5-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses5-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses6-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses6-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-devel-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-devel-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses5-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses5-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses6-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses6-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-debugsource-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-devel-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-devel-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-utils-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-utils-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tack-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tack-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"terminfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"terminfo-base-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses5-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses5-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses6-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses6-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-devel-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-devel-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses5-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses6-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-debugsource-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-devel-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-devel-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-utils-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-utils-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tack-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tack-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"terminfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"terminfo-base-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses5-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses6-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-32bit-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-debugsource-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-devel-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-devel-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-utils-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-utils-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"tack-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"tack-debuginfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"terminfo-5.9-55.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"terminfo-base-5.9-55.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:39:27", "bulletinFamily": "scanner", "description": "ncurses developers reports :\n\nThere are multiple illegal address access issues and an infinite loop\nissue. Please refer to the CVE list for details.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_B84DBD94E8944C91B8CDD328537B1B2B.NASL", "href": "https://www.tenable.com/plugins/nessus/103797", "published": "2017-10-12T00:00:00", "title": "FreeBSD : ncurses -- multiple issues (b84dbd94-e894-4c91-b8cd-d328537b1b2b)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103797);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:46\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\", \"CVE-2017-13734\");\n\n script_name(english:\"FreeBSD : ncurses -- multiple issues (b84dbd94-e894-4c91-b8cd-d328537b1b2b)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ncurses developers reports :\n\nThere are multiple illegal address access issues and an infinite loop\nissue. Please refer to the CVE list for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1484274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1484276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1484284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1484285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1484287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1484290\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1484291\"\n );\n # https://vuxml.freebsd.org/freebsd/b84dbd94-e894-4c91-b8cd-d328537b1b2b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae9cf9bb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ncurses<=6.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:20:31", "bulletinFamily": "scanner", "description": "This update for ncurses fixes several issues. These security issues\nwere fixed :\n\n - CVE-2017-13734: Prevent illegal address access in the\n _nc_safe_strcat function in strings.c that might have\n lead to a remote denial of service attack (bsc#1056126).\n\n - CVE-2017-13733: Prevent illegal address access in the\n fmt_entry function in progs/dump_entry.c that might have\n lead to a remote denial of service attack (bsc#1056127).\n\n - CVE-2017-13732: Prevent illegal address access in the\n function dump_uses() in progs/dump_entry.c that might\n have lead to a remote denial of service attack\n (bsc#1056128).\n\n - CVE-2017-13731: Prevent illegal address access in the\n function postprocess_termcap() in parse_entry.c that\n might have lead to a remote denial of service attack\n (bsc#1056129).\n\n - CVE-2017-13730: Prevent illegal address access in the\n function _nc_read_entry_source() in progs/tic.c that\n might have lead to a remote denial of service attack\n (bsc#1056131).\n\n - CVE-2017-13729: Prevent illegal address access in the\n _nc_save_str function in alloc_entry.c that might have\n lead to a remote denial of service attack (bsc#1056132).\n\n - CVE-2017-13728: Prevent infinite loop in the next_char\n function in comp_scan.c that might have lead to a remote\n denial of service attack (bsc#1056136).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2018-0284-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106527", "published": "2018-01-31T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:0284-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0284-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106527);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\", \"CVE-2017-13734\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:0284-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes several issues. These security issues\nwere fixed :\n\n - CVE-2017-13734: Prevent illegal address access in the\n _nc_safe_strcat function in strings.c that might have\n lead to a remote denial of service attack (bsc#1056126).\n\n - CVE-2017-13733: Prevent illegal address access in the\n fmt_entry function in progs/dump_entry.c that might have\n lead to a remote denial of service attack (bsc#1056127).\n\n - CVE-2017-13732: Prevent illegal address access in the\n function dump_uses() in progs/dump_entry.c that might\n have lead to a remote denial of service attack\n (bsc#1056128).\n\n - CVE-2017-13731: Prevent illegal address access in the\n function postprocess_termcap() in parse_entry.c that\n might have lead to a remote denial of service attack\n (bsc#1056129).\n\n - CVE-2017-13730: Prevent illegal address access in the\n function _nc_read_entry_source() in progs/tic.c that\n might have lead to a remote denial of service attack\n (bsc#1056131).\n\n - CVE-2017-13729: Prevent illegal address access in the\n _nc_save_str function in alloc_entry.c that might have\n lead to a remote denial of service attack (bsc#1056132).\n\n - CVE-2017-13728: Prevent infinite loop in the next_char\n function in comp_scan.c that might have lead to a remote\n denial of service attack (bsc#1056136).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13728/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13729/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13730/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13731/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13732/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13733/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13734/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180284-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?36382651\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-209=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-209=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-209=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-209=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-209=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-209=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-209=1\n\nSUSE CaaS Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2018-209=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-209=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses5-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses5-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses6-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses6-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-debugsource-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-devel-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-devel-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-utils-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-utils-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tack-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"tack-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"terminfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"terminfo-base-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses5-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses5-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses6-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libncurses6-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-devel-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ncurses-devel-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses5-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses5-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses6-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses6-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-debugsource-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-devel-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-devel-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-utils-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-utils-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tack-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"tack-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"terminfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"terminfo-base-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses5-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses5-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses6-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libncurses6-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-devel-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ncurses-devel-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses5-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses6-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-debugsource-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-devel-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-devel-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-utils-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"ncurses-utils-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tack-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"tack-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"terminfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"terminfo-base-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses5-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses5-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses6-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-32bit-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libncurses6-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-debugsource-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-devel-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-devel-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-utils-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ncurses-utils-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"tack-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"tack-debuginfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"terminfo-5.9-58.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"terminfo-base-5.9-58.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:41:47", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201804-13\n(ncurses: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ncurses. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, by enticing the user to process untrusted terminfo or\n other data, could execute arbitrary code or cause a Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-201804-13.NASL", "href": "https://www.tenable.com/plugins/nessus/109097", "published": "2018-04-18T00:00:00", "title": "GLSA-201804-13 : ncurses: Multiple vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201804-13.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109097);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2017-10684\", \"CVE-2017-10685\", \"CVE-2017-11112\", \"CVE-2017-11113\", \"CVE-2017-13728\", \"CVE-2017-13729\", \"CVE-2017-13730\", \"CVE-2017-13731\", \"CVE-2017-13732\", \"CVE-2017-13733\", \"CVE-2017-13734\", \"CVE-2017-16879\");\n script_xref(name:\"GLSA\", value:\"201804-13\");\n\n script_name(english:\"GLSA-201804-13 : ncurses: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201804-13\n(ncurses: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in ncurses. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, by enticing the user to process untrusted terminfo or\n other data, could execute arbitrary code or cause a Denial of Service\n condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201804-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All ncurses users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-libs/ncurses-6.1:0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-libs/ncurses\", unaffected:make_list(\"ge 6.1\"), vulnerable:make_list(\"lt 6.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:04:20", "bulletinFamily": "scanner", "description": "According to the version of the ncurses packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Stack-based buffer overflow in the _nc_write_entry\n function in tinfo/write_entry.c in ncurses 6.0 allows\n attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted\n terminfo file, as demonstrated by tic.(CVE-2017-16879)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2018-1005.NASL", "href": "https://www.tenable.com/plugins/nessus/106146", "published": "2018-01-19T00:00:00", "title": "EulerOS 2.0 SP1 : ncurses (EulerOS-SA-2018-1005)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106146);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-16879\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : ncurses (EulerOS-SA-2018-1005)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the ncurses packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Stack-based buffer overflow in the _nc_write_entry\n function in tinfo/write_entry.c in ncurses 6.0 allows\n attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted\n terminfo file, as demonstrated by tic.(CVE-2017-16879)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1005\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ddcb5fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ncurses package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses-term\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"ncurses-5.9-13.20130511.h1\",\n \"ncurses-base-5.9-13.20130511.h1\",\n \"ncurses-devel-5.9-13.20130511.h1\",\n \"ncurses-libs-5.9-13.20130511.h1\",\n \"ncurses-term-5.9-13.20130511.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:04:20", "bulletinFamily": "scanner", "description": "According to the version of the ncurses packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Stack-based buffer overflow in the _nc_write_entry\n function in tinfo/write_entry.c in ncurses 6.0 allows\n attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted\n terminfo file, as demonstrated by tic.(CVE-2017-16879)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "EULEROS_SA-2018-1006.NASL", "href": "https://www.tenable.com/plugins/nessus/106147", "published": "2018-01-19T00:00:00", "title": "EulerOS 2.0 SP2 : ncurses (EulerOS-SA-2018-1006)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106147);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\n \"CVE-2017-16879\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ncurses (EulerOS-SA-2018-1006)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the ncurses packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Stack-based buffer overflow in the _nc_write_entry\n function in tinfo/write_entry.c in ncurses 6.0 allows\n attackers to cause a denial of service (application\n crash) or possibly execute arbitrary code via a crafted\n terminfo file, as demonstrated by tic.(CVE-2017-16879)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1006\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5de9ee04\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ncurses package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ncurses-term\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"ncurses-5.9-13.20130511.h1\",\n \"ncurses-base-5.9-13.20130511.h1\",\n \"ncurses-devel-5.9-13.20130511.h1\",\n \"ncurses-libs-5.9-13.20130511.h1\",\n \"ncurses-term-5.9-13.20130511.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:09:03", "bulletinFamily": "scanner", "description": "An update of the ncurses package has been released.", "modified": "2019-11-02T00:00:00", "id": "PHOTONOS_PHSA-2017-0053_NCURSES.NASL", "href": "https://www.tenable.com/plugins/nessus/121777", "published": "2019-02-07T00:00:00", "title": "Photon OS 2.0: Ncurses PHSA-2017-0053", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0053. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121777);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/02/07 18:14:47\");\n\n script_cve_id(\"CVE-2017-16879\");\n\n script_name(english:\"Photon OS 2.0: Ncurses PHSA-2017-0053\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ncurses package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-6.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-16879\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"ncurses-6.0-13.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"ncurses-compat-6.0-13.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"ncurses-debuginfo-6.0-13.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"ncurses-devel-6.0-13.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"ncurses-libs-6.0-13.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"ncurses-terminfo-6.0-13.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-03T12:20:13", "bulletinFamily": "scanner", "description": "This update for ncurses fixes the following issues: Security issue\nfixed :\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2018-0178-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106292", "published": "2018-01-24T00:00:00", "title": "SUSE SLES11 Security Update : ncurses (SUSE-SU-2018:0178-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0178-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106292);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-13733\");\n\n script_name(english:\"SUSE SLES11 Security Update : ncurses (SUSE-SU-2018:0178-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ncurses fixes the following issues: Security issue\nfixed :\n\n - CVE-2017-13733: Fix illegal address access in the\n fmt_entry function (bsc#1056127).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13733/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180178-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5503c0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-ncurses-13430=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-ncurses-13430=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-ncurses-13430=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libncurses6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ncurses-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:tack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:terminfo-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses5-32bit-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"libncurses6-32bit-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"ncurses-devel-32bit-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses5-32bit-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"libncurses6-32bit-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"ncurses-devel-32bit-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses5-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"libncurses6-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-devel-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"ncurses-utils-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"tack-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-5.6-93.15.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"terminfo-base-5.6-93.15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ncurses\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-02-08T12:48:13", "bulletinFamily": "scanner", "description": "An update of [apr,ncurses] packages for PhotonOS has been released.", "modified": "2019-02-07T00:00:00", "id": "PHOTONOS_PHSA-2017-0053.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111902", "published": "2018-08-17T00:00:00", "title": "Photon OS 2.0: Apr / Ncurses PHSA-2017-0053 (deprecated)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0053. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111902);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2017-12613\", \"CVE-2017-16879\");\n\n script_name(english:\"Photon OS 2.0: Apr / Ncurses PHSA-2017-0053 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [apr,ncurses] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?02b9874a\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-16879\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:apr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ncurses\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"apr-1.5.2-7.ph2\",\n \"apr-debuginfo-1.5.2-7.ph2\",\n \"apr-devel-1.5.2-7.ph2\",\n \"ncurses-6.0-13.ph2\",\n \"ncurses-compat-6.0-13.ph2\",\n \"ncurses-debuginfo-6.0-13.ph2\",\n \"ncurses-devel-6.0-13.ph2\",\n \"ncurses-libs-6.0-13.ph2\",\n \"ncurses-terminfo-6.0-13.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apr / ncurses\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2017-12-01T21:01:43", "bulletinFamily": "unix", "description": "This update for ncurses fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-13728: Fix infinite loop in the next_char function in\n comp_scan.c (bsc#1056136).\n - CVE-2017-13729: Fix illegal address access in the _nc_save_str\n (bsc#1056132).\n - CVE-2017-13730: Fix illegal address access in the function\n _nc_read_entry_source() (bsc#1056131).\n - CVE-2017-13731: Fix illegal address access in the function\n postprocess_termcap() (bsc#1056129).\n - CVE-2017-13732: Fix illegal address access in the function dump_uses()\n (bsc#1056128).\n - CVE-2017-13733: Fix illegal address access in the fmt_entry function\n (bsc#1056127).\n - CVE-2017-16879: Fix stack-based buffer overflow in the _nc_write_entry()\n function (bsc#1069530).\n\n", "modified": "2017-12-01T18:16:43", "published": "2017-12-01T18:16:43", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-12/msg00002.html", "id": "SUSE-SU-2017:3183-1", "title": "Security update for ncurses (important)", "type": "suse", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:08", "bulletinFamily": "unix", "description": "\nncurses developers reports:\n\nThere are multiple illegal address access issues and an infinite loop issue. Please refer to the CVE list for details.\n\n", "modified": "2017-08-29T00:00:00", "published": "2017-08-29T00:00:00", "id": "B84DBD94-E894-4C91-B8CD-D328537B1B2B", "href": "https://vuxml.freebsd.org/freebsd/b84dbd94-e894-4c91-b8cd-d328537b1b2b.html", "title": "ncurses -- multiple issues", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2019-05-29T18:16:49", "bulletinFamily": "NVD", "description": "There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", "modified": "2018-10-21T10:29:00", "id": "CVE-2017-13732", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13732", "published": "2017-08-29T06:29:00", "title": "CVE-2017-13732", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:16:49", "bulletinFamily": "NVD", "description": "There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.", "modified": "2018-10-21T10:29:00", "id": "CVE-2017-13731", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13731", "published": "2017-08-29T06:29:00", "title": "CVE-2017-13731", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:16:49", "bulletinFamily": "NVD", "description": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.", "modified": "2018-10-21T10:29:00", "id": "CVE-2017-13729", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13729", "published": "2017-08-29T06:29:00", "title": "CVE-2017-13729", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:16:49", "bulletinFamily": "NVD", "description": "There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.", "modified": "2018-10-21T10:29:00", "id": "CVE-2017-13733", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13733", "published": "2017-08-29T06:29:00", "title": "CVE-2017-13733", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:16:49", "bulletinFamily": "NVD", "description": "There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.", "modified": "2018-10-21T10:29:00", "id": "CVE-2017-13730", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13730", "published": "2017-08-29T06:29:00", "title": "CVE-2017-13730", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-04T12:18:50", "bulletinFamily": "NVD", "description": "There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.", "modified": "2019-10-03T00:03:00", "id": "CVE-2017-13728", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13728", "published": "2017-08-29T06:29:00", "title": "CVE-2017-13728", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:16:55", "bulletinFamily": "NVD", "description": "Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.", "modified": "2018-10-21T10:29:00", "id": "CVE-2017-16879", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16879", "published": "2017-11-22T22:29:00", "title": "CVE-2017-16879", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2018-04-17T23:20:46", "bulletinFamily": "unix", "description": "### Background\n\nFree software emulation of curses in System V.\n\n### Description\n\nMultiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, by enticing the user to process untrusted terminfo or other data, could execute arbitrary code or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll ncurses users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/ncurses-6.1:0\"", "modified": "2018-04-17T00:00:00", "published": "2018-04-17T00:00:00", "href": "https://security.gentoo.org/glsa/201804-13", "id": "GLSA-201804-13", "type": "gentoo", "title": "ncurses: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}