Lucene search
Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-2897-1.NASLHistoryFeb 16, 2016 - 12:00 a.m.
Ubuntu 14.04 LTS : Nettle vulnerabilities (USN-2897-1)
2016-02-1600:00:00
Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
Hanno Bock discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8803)
Hanno Bock discovered that Nettle incorrectly handled carry propagation in the NIST P-384 elliptic curve. (CVE-2015-8804)
Niels Moeller discovered that Nettle incorrectly handled carry propagation in the NIST P-256 elliptic curve. (CVE-2015-8805).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-2897-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(88748);
script_version("2.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/23");
script_cve_id("CVE-2015-8803", "CVE-2015-8804", "CVE-2015-8805");
script_xref(name:"USN", value:"2897-1");
script_name(english:"Ubuntu 14.04 LTS : Nettle vulnerabilities (USN-2897-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"Hanno Bock discovered that Nettle incorrectly handled carry
propagation in the NIST P-256 elliptic curve. (CVE-2015-8803)
Hanno Bock discovered that Nettle incorrectly handled carry
propagation in the NIST P-384 elliptic curve. (CVE-2015-8804)
Niels Moeller discovered that Nettle incorrectly handled carry
propagation in the NIST P-256 elliptic curve. (CVE-2015-8805).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-2897-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8805");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/23");
script_set_attribute(attribute:"patch_publication_date", value:"2016/02/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libnettle4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nettle-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:nettle-dev");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libhogweed2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2016-2020 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'libhogweed2', 'pkgver': '2.7.1-1ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'libnettle4', 'pkgver': '2.7.1-1ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'nettle-bin', 'pkgver': '2.7.1-1ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'nettle-dev', 'pkgver': '2.7.1-1ubuntu0.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libhogweed2 / libnettle4 / nettle-bin / nettle-dev');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libnettle4 | p-cpe:/a:canonical:ubuntu_linux:libnettle4 |
| canonical | ubuntu_linux | nettle-bin | p-cpe:/a:canonical:ubuntu_linux:nettle-bin |
| canonical | ubuntu_linux | nettle-dev | p-cpe:/a:canonical:ubuntu_linux:nettle-dev |
| canonical | ubuntu_linux | 14.04 | cpe:/o:canonical:ubuntu_linux:14.04:-:lts |
| canonical | ubuntu_linux | libhogweed2 | p-cpe:/a:canonical:ubuntu_linux:libhogweed2 |
Related
nessus
nessus
openSUSE Security Update : libnettle (openSUSE-2016-212)
2016-02-17 00:00:00
SUSE SLED12 / SLES12 Security Update : libnettle (SUSE-SU-2016:0455-1)
2016-02-17 00:00:00
openSUSE Security Update : libnettle (openSUSE-2016-211)
2016-02-17 00:00:00
openvas
openvas
Fedora Update for nettle FEDORA-2016-8
2016-02-21 00:00:00
Ubuntu Update for nettle USN-2897-1
2016-02-16 00:00:00
Fedora Update for compat-nettle27 FEDORA-2016-d94300845b
2016-06-08 00:00:00
mageia
mageia
Updated nettle packages fix security vulnerabilities
2016-02-09 22:05:34
fedora
fedora
[SECURITY] Fedora 22 Update: nettle-2.7.1-6.fc22
2016-02-21 02:30:44
[SECURITY] Fedora 23 Update: compat-nettle27-2.7.1-2.fc23
2016-06-02 15:03:54
[SECURITY] Fedora 23 Update: nettle-3.2-1.fc23
2016-02-04 23:23:47
archlinux
archlinux
lib32-nettle: improper cryptographic calculations
2016-02-03 00:00:00
nettle: improper cryptographic calculations
2016-02-03 00:00:00
ubuntu
ubuntu
Nettle vulnerabilities
2016-02-15 00:00:00
redhat
redhat
(RHSA-2016:2582) Moderate: nettle security and bug fix update
2016-11-03 06:07:15
centos
centos
nettle security update
2016-11-25 15:38:26
oraclelinux
oraclelinux
nettle security and bug fix update
2016-11-09 00:00:00
prion
prion
Design/Logic Flaw
2016-02-23 19:59:00
Design/Logic Flaw
2016-02-23 19:59:00
Design/Logic Flaw
2016-02-23 19:59:00
cve
cve
ubuntucve
ubuntucve
debiancve
debiancve
Related for UBUNTU_USN-2897-1.NASL