Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2021-2159-1.NASL
HistoryJun 28, 2021 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : openexr (SUSE-SU-2021:2159-1)

2021-06-2800:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2159-1 advisory.

  • There’s a flaw in OpenEXR’s Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. (CVE-2021-3479)

  • There’s a flaw in OpenEXR’s ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. (CVE-2021-3598)

  • There’s a flaw in OpenEXR’s rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. (CVE-2021-3605)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2021:2159-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(151101);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/13");

  script_cve_id("CVE-2021-3479", "CVE-2021-3598", "CVE-2021-3605");
  script_xref(name:"SuSE", value:"SUSE-SU-2021:2159-1");

  script_name(english:"SUSE SLED12 / SLES12 Security Update : openexr (SUSE-SU-2021:2159-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple
vulnerabilities as referenced in the SUSE-SU-2021:2159-1 advisory.

  - There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is
    able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory,
    resulting in an impact to system availability. (CVE-2021-3479)

  - There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker
    who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds
    read. The greatest risk from this flaw is to application availability. (CVE-2021-3598)

  - There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is
    able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The
    greatest risk from this flaw is to application availability. (CVE-2021-3605)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184354");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187310");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187395");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3479");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3598");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3605");
  # https://lists.suse.com/pipermail/sle-security-updates/2021-June/009088.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?71a5ecf5");
  script_set_attribute(attribute:"solution", value:
"Update the affected libIlmImf-Imf_2_1-21, libIlmImf-Imf_2_1-21-32bit, openexr and / or openexr-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3605");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libIlmImf-Imf_2_1-21");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libIlmImf-Imf_2_1-21-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openexr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:openexr-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLED12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLED12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES12" && (! preg(pattern:"^(2|3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP2/3/4/5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(2|3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP2/3/4/5", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.2']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'3', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
    {'reference':'openexr-devel-2.1.0-6.34.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},
    {'reference':'openexr-devel-2.1.0-6.34.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},
    {'reference':'libIlmImf-Imf_2_1-21-32bit-2.1.0-6.34.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-12.5']},
    {'reference':'libIlmImf-Imf_2_1-21-32bit-2.1.0-6.34.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-12.5']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},
    {'reference':'libIlmImf-Imf_2_1-21-2.1.0-6.34.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},
    {'reference':'openexr-2.1.0-6.34.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  var ltss_plugin_caveat = NULL;
  if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libIlmImf-Imf_2_1-21 / libIlmImf-Imf_2_1-21-32bit / openexr / etc');
}
VendorProductVersionCPE
novellsuse_linuxlibilmimf-imf_2_1-21p-cpe:/a:novell:suse_linux:libilmimf-imf_2_1-21
novellsuse_linuxlibilmimf-imf_2_1-21-32bitp-cpe:/a:novell:suse_linux:libilmimf-imf_2_1-21-32bit
novellsuse_linuxopenexrp-cpe:/a:novell:suse_linux:openexr
novellsuse_linuxopenexr-develp-cpe:/a:novell:suse_linux:openexr-devel
novellsuse_linux12cpe:/o:novell:suse_linux:12

Related

nessus 26
suse 3
fedora 2
rosalinux 1
osv 11
debiancve 3
alpinelinux 3
cve 3
redhatcve 3
cnvd 2
ubuntucve 3
prion 3
cloudfoundry 2
ubuntu 4
veracode 2
amazon 2
archlinux 1
mageia 1
debian 4
gentoo 2
freebsd 1
nessus
nessus
SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2021:2158-1)
2021-06-28 00:00:00
openSUSE 15 Security Update : openexr (openSUSE-SU-2021:0925-1)
2021-06-28 00:00:00
SUSE SLES11 Security Update : OpenEXR (SUSE-SU-2021:14757-1)
2021-06-28 00:00:00
suse
suse
Security update for openexr (important)
2021-07-11 00:00:00
Security update for openexr (important)
2021-06-25 00:00:00
Security update for openexr (important)
2021-05-05 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: mingw-openexr-2.5.5-3.fc34
2021-06-20 01:09:26
[SECURITY] Fedora 33 Update: mingw-ilmbase-2.4.1-3.fc33
2021-06-20 01:07:46
rosalinux
rosalinux
Advisory ROSA-SA-2023-2248
2023-10-17 12:58:34
osv
osv
CVE-2021-3605
2021-08-25 19:15:14
CVE-2021-3479
2021-03-31 14:15:21
openexr vulnerabilities
2021-06-22 11:09:05
debiancve
debiancve
CVE-2021-3605
2021-08-25 19:15:00
CVE-2021-3479
2021-03-31 14:15:00
CVE-2021-3598
2021-07-06 15:15:00
alpinelinux
alpinelinux
CVE-2021-3605
2021-08-25 19:15:00
CVE-2021-3479
2021-03-31 14:15:00
CVE-2021-3598
2021-07-06 15:15:00
cve
cve
CVE-2021-3605
2021-08-25 19:15:00
CVE-2021-3479
2021-03-31 14:15:00
CVE-2021-3598
2021-07-06 15:15:00
redhatcve
redhatcve
CVE-2021-3605
2021-06-15 18:23:51
CVE-2021-3479
2021-03-30 19:02:18
CVE-2021-3598
2021-06-11 19:14:18
cnvd
cnvd
Industrial Light And Magic OpenEXR Buffer Overflow Vulnerability (CNVD-2022-19853)
2021-08-05 00:00:00
OpenEXR Logic Flaw Vulnerability
2021-06-17 00:00:00
ubuntucve
ubuntucve
CVE-2021-3605
2021-06-17 00:00:00
CVE-2021-3479
2021-03-31 00:00:00
CVE-2021-3598
2021-06-15 00:00:00
prion
prion
Out-of-bounds
2021-08-25 19:15:00
Code injection
2021-03-31 14:15:00
Out-of-bounds
2021-07-06 15:15:00
cloudfoundry
cloudfoundry
USN-4996-1: OpenEXR vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
USN-4900-1: OpenEXR vulnerabilities | Cloud Foundry
2021-04-29 00:00:00
ubuntu
ubuntu
OpenEXR vulnerabilities
2021-06-22 00:00:00
OpenEXR vulnerabilities
2021-06-22 00:00:00
OpenEXR vulnerabilities
2022-09-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-04-05 07:36:14
Denial Of Service (DoS)
2021-07-11 00:48:52
amazon
amazon
Medium: OpenEXR
2023-08-31 22:30:00
Medium: OpenEXR
2023-06-05 16:39:00
archlinux
archlinux
[ASA-202107-14] openexr: arbitrary code execution
2021-07-06 00:00:00
mageia
mageia
Updated openexr packages fix security vulnerabilities
2021-07-10 15:56:54
debian
debian
[SECURITY] [DSA 5299-1] openexr security update
2022-12-10 16:27:46
[SECURITY] [DLA 2701-1] openexr security update
2021-07-03 18:16:01
[SECURITY] [DLA 2732-1] openexr security update
2021-08-04 19:53:02
gentoo
gentoo
OpenEXR: Multiple Vulnerabilities
2022-10-31 00:00:00
OpenEXR: Multiple vulnerabilities
2021-07-11 00:00:00
freebsd
freebsd
openexr, ilmbase -- security fixes related to reading corrupted input files
2021-02-12 00:00:00
JSON
Related for SUSE_SU-2021-2159-1.NASL
nessus26suse3fedora2rosalinux1osv11debiancve3alpinelinux3cve3redhatcve3cnvd2ubuntucve3prion3cloudfoundry2ubuntu4veracode2amazon2archlinux1mageia1debian4gentoo2freebsd1