Lucene search
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2338-1.NASLHistorySep 04, 2014 - 12:00 a.m.
Ubuntu 14.04 LTS : Lua vulnerability (USN-2338-1)
2014-09-0400:00:00
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
It was discovered that Lua incorrectly handled certain vararg functions with a large number of fixed parameters. An attacker could use this issue to cause Lua applications to crash, resulting in a denial of service, or possibly execute arbitrary code.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2338-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(77525);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id("CVE-2014-5461");
script_bugtraq_id(69342);
script_xref(name:"USN", value:"2338-1");
script_name(english:"Ubuntu 14.04 LTS : Lua vulnerability (USN-2338-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It was discovered that Lua incorrectly handled certain vararg
functions with a large number of fixed parameters. An attacker could
use this issue to cause Lua applications to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2338-1");
script_set_attribute(attribute:"solution", value:
"Update the affected liblua5.1-0, liblua5.1-0-dev and / or lua5.1 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-5461");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/04");
script_set_attribute(attribute:"patch_publication_date", value:"2014/09/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liblua5.1-0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liblua5.1-0-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lua5.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'liblua5.1-0', 'pkgver': '5.1.5-5ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'liblua5.1-0-dev', 'pkgver': '5.1.5-5ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'lua5.1', 'pkgver': '5.1.5-5ubuntu0.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'liblua5.1-0 / liblua5.1-0-dev / lua5.1');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | liblua5.1-0 | p-cpe:/a:canonical:ubuntu_linux:liblua5.1-0 |
| canonical | ubuntu_linux | liblua5.1-0-dev | p-cpe:/a:canonical:ubuntu_linux:liblua5.1-0-dev |
| canonical | ubuntu_linux | lua5.1 | p-cpe:/a:canonical:ubuntu_linux:lua5.1 |
| canonical | ubuntu_linux | 14.04 | cpe:/o:canonical:ubuntu_linux:14.04:-:lts |
Related
nessus
nessus
Mandriva Linux Security Advisory : lua (MDVSA-2014:205)
2014-10-27 00:00:00
Debian DSA-3015-1 : lua5.1 - security update
2014-09-02 00:00:00
EulerOS 2.0 SP5 : lua (EulerOS-SA-2019-1978)
2019-09-23 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-402)
2015-09-08 00:00:00
Debian Security Advisory DSA 3016-1 (lua5.2 - security update)
2014-09-01 00:00:00
Debian: Security Advisory (DSA-3015-1)
2014-08-31 00:00:00
ubuntu
ubuntu
Lua vulnerability
2014-09-03 00:00:00
prion
prion
Buffer overflow
2014-09-04 17:55:00
securityvulns
securityvulns
Lua buffer overflow
2014-09-03 00:00:00
[SECURITY] [DSA 3016-1] lua5.2 security update
2014-09-03 00:00:00
debian
debian
[SECURITY] [DLA 47-1] lua5.1 security update
2014-09-05 16:02:04
[SECURITY] [DSA 3015-1] lua5.1 security update
2014-09-01 19:03:03
[SECURITY] [DSA 3016-1] lua5.2 security update
2014-09-01 19:08:34
mageia
mageia
Updated lua and lua5.1 packages fix security vulnerability
2014-10-23 17:27:57
Updated freeciv packages fix a security vulnerability
2015-01-21 20:15:23
amazon
amazon
Medium: lua
2014-09-17 21:44:00
ubuntucve
ubuntucve
CVE-2014-5461
2014-08-28 00:00:00
osv
osv
lua5.2 - security update
2014-09-01 00:00:00
lua5.1 - security update
2014-09-05 00:00:00
lua5.1 - security update
2014-09-01 00:00:00
gentoo
gentoo
Lua: Buffer overflow
2017-01-23 00:00:00
Lua: Multiple Vulnerabilities
2023-05-03 00:00:00
cve
cve
CVE-2014-5461
2014-09-04 17:55:00
debiancve
debiancve
CVE-2014-5461
2014-09-04 17:55:00
Related for UBUNTU_USN-2338-1.NASL