Lucene search
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2339-2.NASLHistorySep 04, 2014 - 12:00 a.m.
Ubuntu 14.04 LTS : Libgcrypt vulnerability (USN-2339-2)
2014-09-0400:00:00
Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2339-2. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(77527);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");
script_cve_id("CVE-2014-5270");
script_bugtraq_id(69164);
script_xref(name:"USN", value:"2339-2");
script_name(english:"Ubuntu 14.04 LTS : Libgcrypt vulnerability (USN-2339-2)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt
was susceptible to an adaptive chosen ciphertext attack via physical
side channels. A local attacker could use this attack to possibly
recover private keys.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2339-2");
script_set_attribute(attribute:"solution", value:
"Update the affected libgcrypt11, libgcrypt11-dev and / or libgcrypt11-udeb packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-5270");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/09");
script_set_attribute(attribute:"patch_publication_date", value:"2014/09/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgcrypt11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgcrypt11-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgcrypt11-udeb");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'libgcrypt11', 'pkgver': '1.5.3-2ubuntu4.1'},
{'osver': '14.04', 'pkgname': 'libgcrypt11-dev', 'pkgver': '1.5.3-2ubuntu4.1'},
{'osver': '14.04', 'pkgname': 'libgcrypt11-udeb', 'pkgver': '1.5.3-2ubuntu4.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libgcrypt11 / libgcrypt11-dev / libgcrypt11-udeb');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libgcrypt11 | p-cpe:/a:canonical:ubuntu_linux:libgcrypt11 |
| canonical | ubuntu_linux | libgcrypt11-dev | p-cpe:/a:canonical:ubuntu_linux:libgcrypt11-dev |
| canonical | ubuntu_linux | libgcrypt11-udeb | p-cpe:/a:canonical:ubuntu_linux:libgcrypt11-udeb |
| canonical | ubuntu_linux | 14.04 | cpe:/o:canonical:ubuntu_linux:14.04:-:lts |
Related
nessus
nessus
Debian DLA-93-1 : libgcrypt11 security update
2015-03-26 00:00:00
Debian DSA-3024-1 : gnupg - security update
2014-09-14 00:00:00
Mandriva Linux Security Advisory : libgcrypt (MDVSA-2014:176)
2014-09-12 00:00:00
osv
osv
gnupg - security update
2014-09-11 00:00:00
libgcrypt11 - security update
2014-11-25 00:00:00
libgcrypt11 - security update
2014-11-16 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:1077-1)
2021-06-09 00:00:00
Debian Security Advisory DSA 3073-1 (libgcrypt11 - security update)
2014-11-16 00:00:00
Gentoo Security Advisory GLSA 201408-10
2015-09-29 00:00:00
debian
debian
[SECURITY] [DLA 53-1] gnupg security update
2014-09-14 07:23:55
[SECURITY] [DSA 3073-1] libgcrypt11 security update
2014-11-16 13:18:08
[SECURITY] [DLA 93-1] libgcrypt11 security update
2014-11-25 09:25:48
ubuntu
ubuntu
Libgcrypt vulnerability
2014-09-03 00:00:00
GnuPG vulnerability
2014-09-03 00:00:00
GnuPG vulnerabilities
2015-04-01 00:00:00
securityvulns
securityvulns
[USN-2339-1] GnuPG vulnerability
2014-09-15 00:00:00
GnuPG / libcrypt information leakage
2014-09-15 00:00:00
[USN-2554-1] GnuPG vulnerabilities
2015-04-09 00:00:00
mageia
mageia
Updated libgcrypt packages fix CVE-2014-5270
2014-09-05 13:07:37
Updated gnupg packages fix CVE-2014-5270
2014-09-22 12:31:24
gentoo
gentoo
Libgcrypt: Side-channel attack
2014-08-29 00:00:00
cve
cve
CVE-2014-5270
2014-10-10 01:55:00
prion
prion
Code injection
2014-10-10 01:55:00
ubuntucve
ubuntucve
CVE-2014-5270
2014-08-18 00:00:00
debiancve
debiancve
CVE-2014-5270
2014-10-10 01:55:00
amazon
amazon
Medium: libgcrypt
2015-08-04 17:43:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1870
2021-07-02 17:14:28
Related for UBUNTU_USN-2339-2.NASL