ID UBUNTU_USN-3397-1.NASL Type nessus Reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
It was discovered that strongSwan incorrectly handled verifying
specific RSA signatures. A remote attacker could use this issue to
cause strongSwan to crash, resulting in a denial of service.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3397-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
# Registration pass: when the scan engine loads the plugin with `description`
# set, only this block runs. It registers metadata and leaves through exit(0)
# at the end of the block, so none of the host checks below are reached.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(102678);
script_version("3.8");
script_cvs_date("Date: 2019/09/18 12:31:47");
# Cross-references that tie a finding back to the CVE and the Ubuntu notice.
script_cve_id("CVE-2017-11185");
script_xref(name:"USN", value:"3397-1");
script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : strongswan vulnerability (USN-3397-1)");
# The summary states the detection method: package-list comparison, not a
# probe of the running strongSwan service.
script_summary(english:"Checks dpkg output for updated packages.");
# Multi-line string values below continue at column 0 on purpose: any leading
# whitespace would become part of the reported text.
script_set_attribute(
attribute:"synopsis",
value:
"The remote Ubuntu host is missing one or more security-related
patches."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that strongSwan incorrectly handled verifying
specific RSA signatures. A remote attacker could use this issue to
cause strongSwan to crash, resulting in a denial of service.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/3397-1/"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected libstrongswan and / or strongswan packages."
);
# Risk scoring. Both base vectors describe a network-reachable issue needing
# no authentication and affecting availability only (CVSS2 A:P, CVSS3 A:H;
# confidentiality and integrity are N). The temporal vectors record an
# unproven exploit (E:U), an official fix (RL:OF / RL:O) and a confirmed
# report (RC:C).
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
# "local" plugin type: the verdict comes from data collected on the host
# (see the required KB keys below), so it depends on a working credentialed scan.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE entries: the two packages checked and the three Ubuntu releases covered.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libstrongswan");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:strongswan");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.04");
# Timeline: vulnerability published, vendor patch published, plugin published.
script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/18");
script_set_attribute(attribute:"patch_publication_date", value:"2017/08/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# Information-gathering category: the plugin only reads previously collected data.
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
# Scheduling preconditions: run after ssh_get_info.nasl and only when the CPU,
# Ubuntu release and dpkg package-list knowledge-base keys are present.
# NOTE(review): a host where these keys are missing is never evaluated by this
# plugin, which is different from the host being patched.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
# Host check: decides from knowledge-base data whether the installed
# libstrongswan / strongswan packages predate the versions named in USN-3397-1.
# NOTE(review): the statements after each audit() call rely on audit() ending
# the script (for example chomp(release) right after the isnull test); audit()
# lives in audit.inc, which is not shown here - confirm.

# Precondition: local (credentialed) checks must have been enabled for this host.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Release gate: only Ubuntu 14.04, 16.04 and 17.04 are evaluated. Any other
# release is audited as "OS not applicable" and gets no verdict from this plugin.
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(14\.04|16\.04|17\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.04", "Ubuntu " + release);
# The verdict is derived from the stored dpkg package list, so it must exist.
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
# Architecture gate: only x86_64 and i386-i686 hosts continue. Other
# architectures end with AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, which means
# "not checked", not "not affected".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
# Counts how many package checks reported a problem.
flag = 0;
# One check per (release, package) pair; pkgver is the package version listed
# for that release. Every call runs unconditionally (no short-circuit), so each
# package is evaluated even after an earlier one has already been flagged.
# NOTE(review): presumably ubuntu_check() returns true when the installed
# version is older than pkgver and skips entries whose osver differs from the
# host's release - it is defined in ubuntu.inc, not shown here; confirm.
if (ubuntu_check(osver:"14.04", pkgname:"libstrongswan", pkgver:"5.1.2-0ubuntu2.7")) flag++;
if (ubuntu_check(osver:"14.04", pkgname:"strongswan", pkgver:"5.1.2-0ubuntu2.7")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"libstrongswan", pkgver:"5.3.5-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"strongswan", pkgver:"5.3.5-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"17.04", pkgname:"libstrongswan", pkgver:"5.5.1-1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"17.04", pkgname:"strongswan", pkgver:"5.5.1-1ubuntu3.2")) flag++;
# At least one package flagged: report a host-level finding (port 0) at
# warning severity, with the text from ubuntu_report_get() attached as detail.
# NOTE(review): the finding reflects package versions only; whether a running
# strongSwan daemon was restarted after an upgrade is not examined here.
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
# Nothing flagged: distinguish "packages were tested and are not affected"
# from "neither package is installed" in the audit trail.
tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libstrongswan / strongswan");
}
{"id": "UBUNTU_USN-3397-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : strongswan vulnerability (USN-3397-1)", "description": "It was discovered that strongSwan incorrectly handled verifying\nspecific RSA signatures. A remote attacker could use this issue to\ncause strongSwan to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2017-08-22T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/102678", "reporter": "Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://usn.ubuntu.com/3397-1/"], "cvelist": ["CVE-2017-11185"], "type": "nessus", "lastseen": "2021-01-01T06:45:46", "edition": 29, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-11185"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891059", "OPENVAS:1361412562310843694", "OPENVAS:1361412562310703962"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3962-1:A50EC", "DEBIAN:DLA-1059-1:9E713"]}, {"type": "ubuntu", "idList": ["USN-3397-1"]}, {"type": "archlinux", "idList": ["ASA-201708-13"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2017-0040.NASL", "DEBIAN_DLA-1059.NASL", "SUSE_SU-2017-2143-1.NASL", "DEBIAN_DSA-3962.NASL", "SUSE_SU-2017-2293-1.NASL", "PHOTONOS_PHSA-2017-0040_STRONGSWAN.NASL"]}], "modified": "2021-01-01T06:45:46", "rev": 2}, "score": {"value": 4.8, "vector": "NONE", "modified": "2021-01-01T06:45:46", "rev": 2}, "vulnersScore": 4.8}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in 
this plugin were\n# extracted from Ubuntu Security Notice USN-3397-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(102678);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-11185\");\n script_xref(name:\"USN\", value:\"3397-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : strongswan vulnerability (USN-3397-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that strongSwan incorrectly handled verifying\nspecific RSA signatures. A remote attacker could use this issue to\ncause strongSwan to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3397-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libstrongswan and / or strongswan packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libstrongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libstrongswan\", pkgver:\"5.1.2-0ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"strongswan\", pkgver:\"5.1.2-0ubuntu2.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libstrongswan\", pkgver:\"5.3.5-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"strongswan\", pkgver:\"5.3.5-1ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libstrongswan\", pkgver:\"5.5.1-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"strongswan\", pkgver:\"5.5.1-1ubuntu3.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libstrongswan / strongswan\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "102678", "cpe": 
["cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:libstrongswan", "p-cpe:/a:canonical:ubuntu_linux:strongswan", "cpe:/o:canonical:ubuntu_linux:14.04"], "scheme": null, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:13:20", "description": "The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-08-18T17:29:00", "title": "CVE-2017-11185", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11185"], "modified": "2018-08-13T21:47:00", "cpe": ["cpe:/a:strongswan:strongswan:5.5.3"], "id": "CVE-2017-11185", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11185", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:strongswan:strongswan:5.5.3:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11185"], "description": "It was discovered that strongSwan incorrectly handled verifying \nspecific RSA signatures. 
A remote attacker could use this issue \nto cause strongSwan to crash, resulting in a denial of service.", "edition": 5, "modified": "2017-08-21T00:00:00", "published": "2017-08-21T00:00:00", "id": "USN-3397-1", "href": "https://ubuntu.com/security/notices/USN-3397-1", "title": "strongSwan vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11185"], "description": "A denial of service vulnerability was identified in strongSwan, an IKE/IPsec\nsuite, using Google", "modified": "2019-03-18T00:00:00", "published": "2017-09-03T00:00:00", "id": "OPENVAS:1361412562310703962", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703962", "type": "openvas", "title": "Debian Security Advisory DSA 3962-1 (strongswan - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3962.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3962-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703962\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-11185\");\n script_name(\"Debian Security Advisory DSA 3962-1 (strongswan - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-03 00:00:00 +0200 (Sun, 03 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3962.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(8|10|9)\");\n script_tag(name:\"affected\", value:\"strongswan on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 5.2.1-6+deb8u5.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 5.5.1-4+deb9u1.\n\nFor the testing distribution (buster), this problem has been fixed\nin version 5.6.0-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.6.0-1.\n\nWe recommend that you upgrade your strongswan 
packages.\");\n script_tag(name:\"summary\", value:\"A denial of service vulnerability was identified in strongSwan, an IKE/IPsec\nsuite, using Google's OSS-Fuzz fuzzing project.\n\nThe gmp plugin in strongSwan had insufficient input validation when verifying\nRSA signatures. This coding error could lead to a null pointer dereference,\nleading to process crash.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"charon-cmd\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcharon-extra-plugins\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libstrongswan-extra-plugins\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libstrongswan-standard-plugins\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-charon\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-dbg\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-ike\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-libcharon\", ver:\"5.2.1-6+deb8u5\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-starter\", ver:\"5.2.1-6+deb8u5\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"charon-cmd\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"charon-systemd\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcharon-extra-plugins\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libstrongswan-extra-plugins\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libstrongswan-standard-plugins\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-charon\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-ike\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-libcharon\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-pki\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-scepclient\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"strongswan-starter\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-swanctl\", ver:\"5.6.0-1\", rls:\"DEB10\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"charon-cmd\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"charon-systemd\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcharon-extra-plugins\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libstrongswan-extra-plugins\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libstrongswan-standard-plugins\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-charon\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-ike\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-libcharon\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-pki\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-scepclient\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-starter\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"strongswan-swanctl\", ver:\"5.5.1-4+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:11:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11185"], "description": "It was discovered that there was a denial-of-service vulnerability in\nthe Strongswan Virtual Private Network (VPN) software.", "modified": "2020-01-29T00:00:00", "published": "2018-02-07T00:00:00", "id": "OPENVAS:1361412562310891059", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891059", "type": "openvas", "title": "Debian LTS: Security Advisory for strongswan (DLA-1059-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891059\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-11185\");\n script_name(\"Debian LTS: Security Advisory for strongswan (DLA-1059-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00011.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"strongswan on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', this issue has been fixed in strongswan version\n4.5.2-1.5+deb7u10.\n\nWe recommend that you upgrade your strongswan packages.\");\n\n script_tag(name:\"summary\", value:\"It was discovered that there was a denial-of-service vulnerability in\nthe Strongswan Virtual Private Network (VPN) software.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"4.5.2-1.5+deb7u10\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"strongswan\", ver:\"4.5.2-1.5+deb7u10\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"strongswan-dbg\", ver:\"4.5.2-1.5+deb7u10\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"4.5.2-1.5+deb7u10\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"4.5.2-1.5+deb7u10\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"4.5.2-1.5+deb7u10\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"strongswan-starter\", ver:\"4.5.2-1.5+deb7u10\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11185"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310843694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843694", "type": "openvas", "title": "Ubuntu Update for strongswan USN-3397-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3397_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for strongswan USN-3397-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective 
author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843694\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-11185\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:07:55 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for strongswan USN-3397-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3397-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3397-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'strongswan'\n package(s) announced via the USN-3397-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a 
vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that strongSwan incorrectly handled verifying\nspecific RSA signatures. A remote attacker could use this issue\nto cause strongSwan to crash, resulting in a denial of service.\");\n\n script_tag(name:\"affected\", value:\"strongswan on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.1.2-0ubuntu2.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.1.2-0ubuntu2.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.5.1-1ubuntu3.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.5.1-1ubuntu3.2\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.3.5-1ubuntu3.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.3.5-1ubuntu3.4\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, 
"vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:21:34", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11185"], "description": "Package : strongswan\nVersion : 4.5.2-1.5+deb7u10\nCVE ID : CVE-2017-11185\nDebian Bug : #872155\n\nIt was discovered that there was a denial-of-service vulnerability in\nthe Strongswan Virtual Private Network (VPN) software.\n\nSpecific RSA signatures passed to the gmp plugin for verification could\ncause a null-pointer dereference. Potential triggers are signatures in\ncertificates, but also signatures used during IKE authentication.\n\nFor more details, please see:\n\n <https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html>\n\n\nFor Debian 7 "Wheezy", this issue has been fixed in strongswan version\n4.5.2-1.5+deb7u10.\n\nWe recommend that you upgrade your strongswan packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-\n\n", "edition": 3, "modified": "2017-08-18T14:54:51", "published": "2017-08-18T14:54:51", "id": "DEBIAN:DLA-1059-1:9E713", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201708/msg00011.html", "title": "[SECURITY] [DLA 1059-1] strongswan security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-16T13:24:11", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11185"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3962-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nSeptember 03, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : strongswan\nCVE ID : CVE-2017-11185\nDebian Bug : 872155\n\nA denial of service vulnerability was identified in strongSwan, an IKE/IPsec\nsuite, using Google's OSS-Fuzz fuzzing project.\n\nThe gmp 
plugin in strongSwan had insufficient input validation when verifying\nRSA signatures. This coding error could lead to a null pointer dereference,\nleading to process crash.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 5.2.1-6+deb8u5.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 5.5.1-4+deb9u1.\n\nFor the testing distribution (buster), this problem has been fixed\nin version 5.6.0-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.6.0-1.\n\nWe recommend that you upgrade your strongswan packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 18, "modified": "2017-09-03T13:24:52", "published": "2017-09-03T13:24:52", "id": "DEBIAN:DSA-3962-1:A50EC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00224.html", "title": "[SECURITY] [DSA 3962-1] strongswan security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:43", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11185"], "description": "Arch Linux Security Advisory ASA-201708-13\n==========================================\n\nSeverity: Low\nDate : 2017-08-14\nCVE-ID : CVE-2017-11185\nPackage : strongswan\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-382\n\nSummary\n=======\n\nThe package strongswan before version 5.5.3-4 is vulnerable to denial\nof service.\n\nResolution\n==========\n\nUpgrade to 5.5.3-4.\n\n# pacman -Syu \"strongswan>=5.5.3-4\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nFixed a DoS vulnerability in the gmp plugin that was 
caused by\ninsufficient input validation when verifying RSA signatures, which\nrequires decryption with the operation m^e mod n, where m is the\nsignature, and e and n are the exponent and modulus of the public key.\nThe value m is an integer between 0 and n-1, however, the gmp plugin\ndid not verify this. So if m equals n the calculation results in 0, in\nwhich case mpz_export() returns NULL. This result wasn't handled\nproperly causing a null-pointer dereference.\n\nImpact\n======\n\nThe attacker is able to crash the application via a specially crafted\nRSA signature.\n\nReferences\n==========\n\nhttps://wiki.strongswan.org/versions/66\nhttps://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html\nhttps://security.archlinux.org/CVE-2017-11185", "modified": "2017-08-14T00:00:00", "published": "2017-08-14T00:00:00", "id": "ASA-201708-13", "href": "https://security.archlinux.org/ASA-201708-13", "type": "archlinux", "title": "[ASA-201708-13] strongswan: denial of service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:50:40", "description": "A denial of service vulnerability was identified in strongSwan, an\nIKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.\n\nThe gmp plugin in strongSwan had insufficient input validation when\nverifying RSA signatures. 
This coding error could lead to a NULL\npointer dereference, leading to process crash.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-09-05T00:00:00", "title": "Debian DSA-3962-1 : strongswan - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11185"], "modified": "2017-09-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:strongswan", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3962.NASL", "href": "https://www.tenable.com/plugins/nessus/102929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3962. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102929);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-11185\");\n script_xref(name:\"DSA\", value:\"3962\");\n\n script_name(english:\"Debian DSA-3962-1 : strongswan - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service vulnerability was identified in strongSwan, an\nIKE/IPsec suite, using Google's OSS-Fuzz fuzzing project.\n\nThe gmp plugin in strongSwan had insufficient input validation when\nverifying RSA signatures. 
This coding error could lead to a NULL\npointer dereference, leading to process crash.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3962\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the strongswan packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 5.2.1-6+deb8u5.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 5.5.1-4+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"charon-cmd\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-charon\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-dbg\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ike\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev1\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev2\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-libcharon\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-nm\", reference:\"5.2.1-6+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-starter\", reference:\"5.2.1-6+deb8u5\")) 
flag++;\nif (deb_check(release:\"9.0\", prefix:\"charon-cmd\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"charon-systemd\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libstrongswan\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-charon\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-ike\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-ikev1\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-ikev2\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-libcharon\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-nm\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-pki\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-scepclient\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-starter\", reference:\"5.5.1-4+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"strongswan-swanctl\", reference:\"5.5.1-4+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": 
"2021-01-12T09:38:31", "description": "It was discovered that there was a denial of service vulnerability in\nthe Strongswan Virtual Private Network (VPN) software.\n\nSpecific RSA signatures passed to the gmp plugin for verification\ncould cause a NULL pointer dereference. Potential triggers are\nsignatures in certificates, but also signatures used during IKE\nauthentication.\n\nFor more details, please see :\n\n<https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html>\n\nFor Debian 7 'Wheezy', this issue has been fixed in strongswan version\n4.5.2-1.5+deb7u10.\n\nWe recommend that you upgrade your strongswan packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-21T00:00:00", "title": "Debian DLA-1059-1 : strongswan security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11185"], "modified": "2017-08-21T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:strongswan-nm", "p-cpe:/a:debian:debian_linux:strongswan", "p-cpe:/a:debian:debian_linux:strongswan-starter", "p-cpe:/a:debian:debian_linux:strongswan-ikev2", "cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:libstrongswan", "p-cpe:/a:debian:debian_linux:strongswan-dbg", "p-cpe:/a:debian:debian_linux:strongswan-ikev1"], "id": "DEBIAN_DLA-1059.NASL", "href": "https://www.tenable.com/plugins/nessus/102594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1059-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102594);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11185\");\n\n script_name(english:\"Debian DLA-1059-1 : strongswan security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there was a denial of service vulnerability in\nthe Strongswan Virtual Private Network (VPN) software.\n\nSpecific RSA signatures passed to the gmp plugin for verification\ncould cause a NULL pointer dereference. Potential triggers are\nsignatures in certificates, but also signatures used during IKE\nauthentication.\n\nFor more details, please see :\n\n<https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(\ncve-2017-11185).html>\n\nFor Debian 7 'Wheezy', this issue has been fixed in strongswan version\n4.5.2-1.5+deb7u10.\n\nWe recommend that you upgrade your strongswan packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/08/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libstrongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-ikev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-ikev2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-nm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-starter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/18\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstrongswan\", reference:\"4.5.2-1.5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan\", reference:\"4.5.2-1.5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-dbg\", reference:\"4.5.2-1.5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev1\", reference:\"4.5.2-1.5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev2\", reference:\"4.5.2-1.5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-nm\", reference:\"4.5.2-1.5+deb7u10\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-starter\", reference:\"4.5.2-1.5+deb7u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T14:26:11", "description": "This update for strongswan fixes the following issues :\n\n - CVE-2017-11185: Specific RSA signatures passed to the\n gmp plugin for verification can cause a NULL 
pointer\n dereference and it may lead to a denial of service\n (bsc#1051222)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-14T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2017:2143-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11185"], "modified": "2017-08-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:strongswan-ipsec", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:strongswan-libs0", "p-cpe:/a:novell:suse_linux:strongswan-ipsec-debuginfo", "p-cpe:/a:novell:suse_linux:strongswan", "p-cpe:/a:novell:suse_linux:strongswan-hmac", "p-cpe:/a:novell:suse_linux:strongswan-libs0-debuginfo", "p-cpe:/a:novell:suse_linux:strongswan-debugsource"], "id": "SUSE_SU-2017-2143-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102476", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2143-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102476);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-11185\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2017:2143-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"This update for strongswan fixes the following issues :\n\n - CVE-2017-11185: Specific RSA signatures passed to the\n gmp plugin for verification can cause a NULL pointer\n dereference and it may lead to a denial of service\n (bsc#1051222)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11185/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172143-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?444c0329\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-1324=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2017-1324=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-1324=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2017-1324=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-1324=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-ipsec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-ipsec-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-libs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-libs0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"strongswan-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"strongswan-debugsource-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"strongswan-hmac-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"strongswan-ipsec-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"strongswan-ipsec-debuginfo-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"strongswan-libs0-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"strongswan-libs0-debuginfo-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"strongswan-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"strongswan-debugsource-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"strongswan-hmac-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"strongswan-ipsec-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"strongswan-ipsec-debuginfo-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"strongswan-libs0-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"strongswan-libs0-debuginfo-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"strongswan-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"strongswan-debugsource-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"strongswan-ipsec-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", 
reference:\"strongswan-ipsec-debuginfo-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"strongswan-libs0-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"strongswan-libs0-debuginfo-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"strongswan-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"strongswan-debugsource-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"strongswan-ipsec-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"strongswan-ipsec-debuginfo-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"strongswan-libs0-5.1.3-26.5.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"strongswan-libs0-debuginfo-5.1.3-26.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"strongswan\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T14:48:06", "description": "This update for strongswan fixes the following issues :\n\n - CVE-2017-11185: Specific RSA signatures passed to the\n gmp plugin for verification can cause a NULL pointer\n dereference and it may lead to a denial of service\n (bsc#1051222)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-08-30T00:00:00", "title": "SUSE SLES11 Security Update : strongswan (SUSE-SU-2017:2293-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11185"], "modified": "2017-08-30T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:strongswan", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:strongswan-doc"], "id": "SUSE_SU-2017-2293-1.NASL", "href": "https://www.tenable.com/plugins/nessus/102840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:2293-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102840);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-11185\");\n\n script_name(english:\"SUSE SLES11 Security Update : strongswan (SUSE-SU-2017:2293-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for strongswan fixes the following issues :\n\n - CVE-2017-11185: Specific RSA signatures passed to the\n gmp plugin for verification can cause a NULL pointer\n dereference and it may lead to a denial of service\n (bsc#1051222)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051222\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-11185/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20172293-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?400d9d3a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-strongswan-13251=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-strongswan-13251=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2017/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"strongswan-4.4.0-6.36.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"strongswan-doc-4.4.0-6.36.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"strongswan\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T22:39:21", "description": "An update of the strongswan package has been released.", "edition": 8, "cvss3": {"score": 7.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Strongswan PHSA-2017-0040", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10309", "CVE-2017-11185"], "modified": "2019-02-07T00:00:00", "cpe": ["cpe:/o:vmware:photonos:1.0", "p-cpe:/a:vmware:photonos:strongswan"], "id": "PHOTONOS_PHSA-2017-0040_STRONGSWAN.NASL", "href": "https://www.tenable.com/plugins/nessus/121747", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0040. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121747);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2017-11185\");\n\n script_name(english:\"Photon OS 1.0: Strongswan PHSA-2017-0040\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the strongswan package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-80.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10309\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"strongswan-5.5.1-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"strongswan-debuginfo-5.5.1-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"strongswan\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-02-21T01:41:53", "description": "An update of [openjdk,openjre,bash,libtar,glibc,libgcrypt,strongswan,unzip] packages for PhotonOS has been released.", "edition": 6, "published": "2018-08-17T00:00:00", "title": "Photon OS 1.0: Bash / Glibc / Libgcrypt / Libtar / Openjdk / Openjre / Strongswan / Unzip PHSA-2017-0040 (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9844", "CVE-2017-10388", 
"CVE-2014-9913", "CVE-2016-9844", "CVE-2013-4420", "CVE-2016-0634", "CVE-2017-9526", "CVE-2017-10309", "CVE-2017-11185", "CVE-2017-12133", "CVE-2017-10285", "CVE-2017-10274", "CVE-2017-10346"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bash", "p-cpe:/a:vmware:photonos:unzip", "p-cpe:/a:vmware:photonos:glibc", "p-cpe:/a:vmware:photonos:openjre", "p-cpe:/a:vmware:photonos:openjdk", "p-cpe:/a:vmware:photonos:libgcrypt", "cpe:/o:vmware:photonos:1.0", "p-cpe:/a:vmware:photonos:libtar", "p-cpe:/a:vmware:photonos:strongswan"], "id": "PHOTONOS_PHSA-2017-0040.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111889", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0040. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111889);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2013-4420\",\n \"CVE-2014-9844\",\n \"CVE-2014-9913\",\n \"CVE-2016-0634\",\n \"CVE-2016-9844\",\n \"CVE-2017-9526\",\n \"CVE-2017-10274\",\n \"CVE-2017-10285\",\n \"CVE-2017-10309\",\n \"CVE-2017-10346\",\n \"CVE-2017-10388\",\n \"CVE-2017-11185\",\n \"CVE-2017-12133\"\n );\n\n script_name(english:\"Photon OS 1.0: Bash / Glibc / Libgcrypt / Libtar / Openjdk / Openjre / Strongswan / Unzip PHSA-2017-0040 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of\n[openjdk,openjre,bash,libtar,glibc,libgcrypt,strongswan,unzip]\npackages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-80\n 
script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0fdbe24\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10285\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:glibc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libgcrypt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:libtar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openjdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openjre\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unzip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"bash-4.3.48-1.ph1\",\n \"bash-debuginfo-4.3.48-1.ph1\",\n \"bash-lang-4.3.48-1.ph1\",\n \"glibc-2.22-14.ph1\",\n \"glibc-devel-2.22-14.ph1\",\n \"glibc-lang-2.22-14.ph1\",\n \"libgcrypt-1.7.6-3.ph1\",\n \"libgcrypt-debuginfo-1.7.6-3.ph1\",\n \"libgcrypt-devel-1.7.6-3.ph1\",\n \"libtar-1.2.20-3.ph1\",\n \"libtar-devel-1.2.20-3.ph1\",\n \"openjdk-1.8.0.151-1.ph1\",\n \"openjdk-debuginfo-1.8.0.151-1.ph1\",\n \"openjdk-doc-1.8.0.151-1.ph1\",\n \"openjdk-sample-1.8.0.151-1.ph1\",\n \"openjdk-src-1.8.0.151-1.ph1\",\n \"openjre-1.8.0.151-1.ph1\",\n \"strongswan-5.5.1-2.ph1\",\n \"strongswan-debuginfo-5.5.1-2.ph1\",\n \"unzip-6.0-8.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / glibc / 
libgcrypt / libtar / openjdk / openjre / strongswan / unzip\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}