Lucene search
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1310-1.NASLHistoryDec 20, 2011 - 12:00 a.m.
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libarchive vulnerabilities (USN-1310-1)
2011-12-2000:00:00
Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
It was discovered that libarchive incorrectly handled certain ISO 9660 image files. If a user were tricked into using a specially crafted ISO 9660 image file, a remote attacker could cause libarchive to crash or possibly execute arbitrary code with user privileges. (CVE-2011-1777)
It was discovered that libarchive incorrectly handled certain tar archive files. If a user were tricked into using a specially crafted tar file, a remote attacker could cause libarchive to crash or possibly execute arbitrary code with user privileges. (CVE-2011-1778).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1310-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
if (description)
{
script_id(57341);
script_version("1.9");
script_cvs_date("Date: 2019/09/19 12:54:27");
script_cve_id("CVE-2011-1777", "CVE-2011-1778");
script_bugtraq_id(47737);
script_xref(name:"USN", value:"1310-1");
script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : libarchive vulnerabilities (USN-1310-1)");
script_summary(english:"Checks dpkg output for updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Ubuntu host is missing a security-related patch."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that libarchive incorrectly handled certain ISO 9660
image files. If a user were tricked into using a specially crafted ISO
9660 image file, a remote attacker could cause libarchive to crash or
possibly execute arbitrary code with user privileges. (CVE-2011-1777)
It was discovered that libarchive incorrectly handled certain tar
archive files. If a user were tricked into using a specially crafted
tar file, a remote attacker could cause libarchive to crash or
possibly execute arbitrary code with user privileges. (CVE-2011-1778).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/1310-1/"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libarchive1 package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libarchive1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/13");
script_set_attribute(attribute:"patch_publication_date", value:"2011/12/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/20");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
flag = 0;
if (ubuntu_check(osver:"10.04", pkgname:"libarchive1", pkgver:"2.8.0-2ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.10", pkgname:"libarchive1", pkgver:"2.8.4-1ubuntu0.10.10.1")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"libarchive1", pkgver:"2.8.4-1ubuntu0.11.04.1")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"libarchive1", pkgver:"2.8.4-1ubuntu0.11.10.1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libarchive1");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libarchive1 | p-cpe:/a:canonical:ubuntu_linux:libarchive1 |
| canonical | ubuntu_linux | 10.04 | cpe:/o:canonical:ubuntu_linux:10.04:-:lts |
| canonical | ubuntu_linux | 10.10 | cpe:/o:canonical:ubuntu_linux:10.10 |
| canonical | ubuntu_linux | 11.04 | cpe:/o:canonical:ubuntu_linux:11.04 |
| canonical | ubuntu_linux | 11.10 | cpe:/o:canonical:ubuntu_linux:11.10 |
Related
openvas
openvas
Mandriva Update for libarchive MDVSA-2011:190 (libarchive)
2011-12-23 00:00:00
Debian: Security Advisory (DSA-2413-1)
2012-03-12 00:00:00
Mandriva Update for libarchive MDVSA-2011:190 (libarchive)
2011-12-23 00:00:00
nessus
nessus
Debian DSA-2413-1 : libarchive - buffer overflows
2012-02-21 00:00:00
Mandriva Linux Security Advisory : libarchive (MDVSA-2011:190)
2011-12-19 00:00:00
Oracle Linux 6 : libarchive (ELSA-2011-1507)
2013-07-12 00:00:00
oraclelinux
oraclelinux
libarchive security update
2011-12-01 00:00:00
debian
debian
[SECURITY] [DSA 2413-1] libarchive security update
2012-02-20 20:52:03
ubuntu
ubuntu
libarchive vulnerabilities
2011-12-19 00:00:00
redhat
redhat
(RHSA-2011:1507) Moderate: libarchive security update
2011-12-01 00:00:00
gentoo
gentoo
libarchive: Multiple vulnerabilities
2014-06-01 00:00:00
cve
cve
CVE-2011-1778
2012-04-13 20:55:00
CVE-2011-1777
2012-04-13 20:55:00
debiancve
debiancve
CVE-2011-1778
2012-04-13 20:55:00
CVE-2011-1777
2012-04-13 20:55:00
ubuntucve
ubuntucve
CVE-2011-1778
2011-12-02 00:00:00
CVE-2011-1777
2011-12-02 00:00:00
prion
prion
Buffer overflow
2012-04-13 20:55:00
Buffer overflow
2012-04-13 20:55:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:06:53
Arbitrary Code Execution
2020-04-10 01:06:53
securityvulns
securityvulns
libarchive library buffer overflow
2011-12-26 00:00:00
[ MDVSA-2011:191 ] libarchive
2011-12-26 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-08-20 00:00:00
Related for UBUNTU_USN-1310-1.NASL