Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-3250-1.NASL
HistoryJan 02, 2019 - 12:00 a.m.

SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2018:3250-1)

2019-01-0200:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

This update for clamav fixes the following issues :

clamav was updated to version 0.100.2.

Following security issues were fixed :

CVE-2018-15378: Vulnerability in ClamAV’s MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. (bsc#1110723)

CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for embedded libmspack. (bsc#1103040)

Following non-security issues were addressed: Make freshclam more robust against lagging signature mirrors.

On-Access ‘Extra Scanning’, an opt-in minor feature of OnAccess scanning on Linux systems, has been disabled due to a known issue with resource cleanup OnAccessExtraScanning will be re-enabled in a future release when the issue is resolved. In the mean-time, users who enabled the feature in clamd.conf will see a warning informing them that the feature is not active. For details, see:
https://bugzilla.clamav.net/show_bug.cgi?id=12048

Restore exit code compatibility of freshclam with versions before 0.100.0 when the virus database is already up to date (bsc#1104457)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:3250-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(120135);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/16");

  script_cve_id("CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-15378");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2018:3250-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for clamav fixes the following issues :

clamav was updated to version 0.100.2.

Following security issues were fixed :

CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that
could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device. (bsc#1110723)

CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for
embedded libmspack. (bsc#1103040)

Following non-security issues were addressed: Make freshclam more
robust against lagging signature mirrors.

On-Access 'Extra Scanning', an opt-in minor feature of OnAccess
scanning on Linux systems, has been disabled due to a known issue with
resource cleanup OnAccessExtraScanning will be re-enabled in a future
release when the issue is resolved. In the mean-time, users who
enabled the feature in clamd.conf will see a warning informing them
that the feature is not active. For details, see:
https://bugzilla.clamav.net/show_bug.cgi?id=12048

Restore exit code compatibility of freshclam with versions before
0.100.0 when the virus database is already up to date (bsc#1104457)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.clamav.net/show_bug.cgi?id=12048"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1103040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1104457"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1110723"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-14680/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-14681/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-14682/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2018-15378/"
  );
  # https://www.suse.com/support/update/announcement/2018/suse-su-20183250-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c4da5779"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
SUSE-SLE-Module-Basesystem-15-2018-2335=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclamav7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclamav7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclammspack0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libclammspack0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-debuginfo-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-debugsource-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"clamav-devel-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libclamav7-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libclamav7-debuginfo-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libclammspack0-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"libclammspack0-debuginfo-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-debuginfo-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-debugsource-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"clamav-devel-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libclamav7-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libclamav7-debuginfo-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libclammspack0-0.100.2-3.6.4")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"libclammspack0-debuginfo-0.100.2-3.6.4")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
}
VendorProductVersionCPE
novellsuse_linuxclamavp-cpe:/a:novell:suse_linux:clamav
novellsuse_linuxclamav-debuginfop-cpe:/a:novell:suse_linux:clamav-debuginfo
novellsuse_linuxclamav-debugsourcep-cpe:/a:novell:suse_linux:clamav-debugsource
novellsuse_linuxclamav-develp-cpe:/a:novell:suse_linux:clamav-devel
novellsuse_linuxlibclamav7p-cpe:/a:novell:suse_linux:libclamav7
novellsuse_linuxlibclamav7-debuginfop-cpe:/a:novell:suse_linux:libclamav7-debuginfo
novellsuse_linuxlibclammspack0p-cpe:/a:novell:suse_linux:libclammspack0
novellsuse_linuxlibclammspack0-debuginfop-cpe:/a:novell:suse_linux:libclammspack0-debuginfo
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

nessus 38
altlinux 3
suse 4
openvas 32
freebsd 1
amazon 2
fedora 9
ubuntu 5
debian 4
osv 7
ibm 3
redhat 2
oraclelinux 2
centos 1
mageia 2
gentoo 2
photon 8
prion 4
cve 4
debiancve 4
ubuntucve 4
alpinelinux 4
redhatcve 3
veracode 3
nessus
nessus
openSUSE Security Update : clamav (openSUSE-2018-1227)
2018-10-24 00:00:00
openSUSE Security Update : clamav (openSUSE-2019-821)
2019-03-27 00:00:00
SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:3436-1)
2018-10-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package clamav version 0.100.2-alt1
2018-10-17 00:00:00
Security fix for the ALT Linux 9 package clamav version 0.100.2-alt1
2018-10-17 00:00:00
Security fix for the ALT Linux 8 package clamav version 0.100.2-alt1
2018-10-17 00:00:00
suse
suse
Security update for clamav (moderate)
2018-10-23 15:15:34
Security update for clamav (moderate)
2018-10-27 00:15:36
Security update for libmspack (moderate)
2021-08-20 00:00:00
openvas
openvas
openSUSE: Security Advisory for clamav (openSUSE-SU-2018:3315-1)
2018-10-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3250-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:3441-1)
2021-06-09 00:00:00
freebsd
freebsd
clamav -- multiple vulnerabilities
2018-10-03 00:00:00
amazon
amazon
Low: clamav
2019-01-09 22:56:00
Low: libmspack
2019-01-23 23:27:00
fedora
fedora
[SECURITY] Fedora 29 Update: clamav-0.100.2-2.fc29
2018-10-30 17:40:56
[SECURITY] Fedora 28 Update: clamav-0.100.2-2.fc28
2018-10-09 03:10:28
[SECURITY] Fedora 29 Update: libmspack-0.9.1-0.1.alpha.fc29
2018-11-13 02:25:13
ubuntu
ubuntu
ClamAV vulnerabilities
2018-10-16 00:00:00
ClamAV vulnerabilities
2018-08-01 00:00:00
libmspack vulnerabilities
2018-08-01 00:00:00
debian
debian
[SECURITY] [DSA 4260-1] libmspack security update
2018-08-02 21:09:34
[SECURITY] [DSA 4260-1] libmspack security update
2018-08-02 21:09:34
[SECURITY] [DLA-1460-1] libmspack security update
2018-08-06 09:20:01
osv
osv
libmspack - security update
2018-08-06 00:00:00
libmspack - security update
2018-08-02 00:00:00
clamav - security update
2018-10-24 00:00:00
ibm
ibm
Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM
2019-03-04 05:55:02
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801r
2018-10-26 21:10:01
Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018
2019-01-28 17:05:01
redhat
redhat
(RHSA-2018:3327) Low: libmspack security update
2018-10-30 04:43:45
(RHSA-2018:3505) Critical: Red Hat Ansible Tower 3.3.1-2 Release - Container Image
2018-11-06 15:39:03
oraclelinux
oraclelinux
libmspack security update
2018-11-05 00:00:00
libmspack security and bug fix update
2020-05-05 00:00:00
centos
centos
libmspack security update
2018-11-15 18:48:49
mageia
mageia
Updated libmspack/cabextract packages fix security vulnerabilities
2018-11-18 01:23:26
Updated clamav packages fix security vulnerability
2018-10-19 21:00:37
gentoo
gentoo
cabextract, libmspack: Multiple vulnerabilities
2019-03-28 00:00:00
ClamAV: Multiple vulnerabilities
2019-04-08 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0247
2019-08-02 00:00:00
Important Photon OS Security Update - PHSA-2019-0247
2019-08-02 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0196
2018-11-15 00:00:00
prion
prion
Race condition
2018-10-15 17:29:00
Design/Logic Flaw
2018-07-28 23:29:00
Design/Logic Flaw
2018-07-28 23:29:00
cve
cve
CVE-2018-15378
2018-10-15 17:29:00
CVE-2018-14681
2018-07-28 23:29:00
CVE-2018-14680
2018-07-28 23:29:00
debiancve
debiancve
CVE-2018-15378
2018-10-15 17:29:00
CVE-2018-14680
2018-07-28 23:29:00
CVE-2018-14681
2018-07-28 23:29:00
ubuntucve
ubuntucve
CVE-2018-15378
2018-10-08 00:00:00
CVE-2018-14681
2018-07-28 00:00:00
CVE-2018-14682
2018-07-28 00:00:00
alpinelinux
alpinelinux
CVE-2018-15378
2018-10-15 17:29:00
CVE-2018-14681
2018-07-28 23:29:00
CVE-2018-14680
2018-07-28 23:29:00
redhatcve
redhatcve
CVE-2018-14681
2018-08-01 15:19:34
CVE-2018-14680
2018-08-01 16:50:01
CVE-2018-14682
2018-08-01 16:49:46
veracode
veracode
Memory Corruption
2019-05-16 03:19:23
Denial Of Service (DoS)
2019-05-16 03:19:22
Memory Corruption
2019-05-16 03:19:23
JSON
Related for SUSE_SU-2018-3250-1.NASL
nessus38altlinux3suse4openvas32freebsd1amazon2fedora9ubuntu5debian4osv7ibm3redhat2oraclelinux2centos1mageia2gentoo2photon8prion4cve4debiancve4ubuntucve4alpinelinux4redhatcve3veracode3