This update for zsh fixes the following issues:

- CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885)
- CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977)
- CVE-2014-10072: buffer overflow in utils.c when scanning very long directory paths for symbolic links. (bnc#1082975)
- CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250)
- CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998)
- CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656)
- CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026)
- CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991)
- CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002)
- Autocomplete and REPORTTIME broken (bsc#896914)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1072-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
script_id(109355);
script_version("1.3");
script_cvs_date("Date: 2019/09/10 13:51:47");
script_cve_id("CVE-2014-10070", "CVE-2014-10071", "CVE-2014-10072", "CVE-2016-10714", "CVE-2017-18205", "CVE-2017-18206", "CVE-2018-1071", "CVE-2018-1083", "CVE-2018-7549");
script_name(english:"SUSE SLED12 / SLES12 Security Update : zsh (SUSE-SU-2018:1072-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for zsh fixes the following issues :
- CVE-2014-10070: environment variable injection could
lead to local privilege escalation (bnc#1082885)
- CVE-2014-10071: buffer overflow in exec.c could lead to
denial of service. (bnc#1082977)
- CVE-2014-10072: buffer overflow In utils.c when scanning
very long directory paths for symbolic links.
(bnc#1082975)
- CVE-2016-10714: In zsh before 5.3, an off-by-one error
resulted in undersized buffers that were intended to
support PATH_MAX characters. (bnc#1083250)
- CVE-2017-18205: In builtin.c when sh compatibility mode
is used, a NULL pointer dereference could lead to denial
of service (bnc#1082998)
- CVE-2018-1071: exec.c:hashcmd() function vulnerability
could lead to denial of service. (bnc#1084656)
- CVE-2018-1083: Autocomplete vulnerability could lead to
privilege escalation. (bnc#1087026)
- CVE-2018-7549: In params.c in zsh through 5.4.2, there
is a crash during a copy of an empty hash table, as
demonstrated by typeset -p. (bnc#1082991)
- CVE-2017-18206: buffer overrun in xsymlinks could lead
to denial of service (bnc#1083002)
- Autocomplete and REPORTTIME broken (bsc#896914)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1082885"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1082975"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1082977"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1082991"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1082998"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1083002"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1083250"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1084656"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1087026"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=896914"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-10070/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-10071/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2014-10072/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2016-10714/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-18205/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-18206/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-1071/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-1083/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-7549/"
);
# https://www.suse.com/support/update/announcement/2018/suse-su-20181072-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b49a1ec1"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2018-733=1
SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2018-733=1"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:zsh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:zsh-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:zsh-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/27");
script_set_attribute(attribute:"patch_publication_date", value:"2018/04/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/26");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"3", reference:"zsh-5.0.5-6.7.2")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"zsh-debuginfo-5.0.5-6.7.2")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"zsh-debugsource-5.0.5-6.7.2")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"zsh-5.0.5-6.7.2")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"zsh-debuginfo-5.0.5-6.7.2")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"zsh-debugsource-5.0.5-6.7.2")) flag++;
if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zsh");
}

Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | zsh | p-cpe:/a:novell:suse_linux:zsh |
novell | suse_linux | zsh-debuginfo | p-cpe:/a:novell:suse_linux:zsh-debuginfo |
novell | suse_linux | zsh-debugsource | p-cpe:/a:novell:suse_linux:zsh-debugsource |
novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |