Lucene search
Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3429-1.NASLHistorySep 26, 2017 - 12:00 a.m.
Ubuntu 14.04 LTS / 16.04 LTS : Libplist vulnerability (USN-3429-1)
2017-09-2600:00:00
Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
58.7%
Wang Junjie discovered that Libplist incorrectly handled certain files. If a user were tricked into opening a crafted file, an attacker could possibly use this to cause a crash or denial or service.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3429-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(103466);
script_version("3.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id("CVE-2017-7982");
script_xref(name:"USN", value:"3429-1");
script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS : Libplist vulnerability (USN-3429-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Wang Junjie discovered that Libplist incorrectly handled certain
files. If a user were tricked into opening a crafted file, an attacker
could possibly use this to cause a crash or denial or service.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3429-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7982");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/20");
script_set_attribute(attribute:"patch_publication_date", value:"2017/09/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libplist-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libplist1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libplist3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-plist");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libplist++-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libplist++1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libplist++3v5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libplist-dev");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'libplist++-dev', 'pkgver': '1.10-1ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'libplist++1', 'pkgver': '1.10-1ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'libplist-dev', 'pkgver': '1.10-1ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'libplist-utils', 'pkgver': '1.10-1ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'libplist1', 'pkgver': '1.10-1ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'python-plist', 'pkgver': '1.10-1ubuntu0.1'},
{'osver': '16.04', 'pkgname': 'libplist++-dev', 'pkgver': '1.12-3.1ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'libplist++3v5', 'pkgver': '1.12-3.1ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'libplist-dev', 'pkgver': '1.12-3.1ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'libplist-utils', 'pkgver': '1.12-3.1ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'libplist3', 'pkgver': '1.12-3.1ubuntu0.16.04.1'},
{'osver': '16.04', 'pkgname': 'python-plist', 'pkgver': '1.12-3.1ubuntu0.16.04.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libplist++-dev / libplist++1 / libplist++3v5 / libplist-dev / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libplist-utils | p-cpe:/a:canonical:ubuntu_linux:libplist-utils |
| canonical | ubuntu_linux | libplist1 | p-cpe:/a:canonical:ubuntu_linux:libplist1 |
| canonical | ubuntu_linux | libplist3 | p-cpe:/a:canonical:ubuntu_linux:libplist3 |
| canonical | ubuntu_linux | python-plist | p-cpe:/a:canonical:ubuntu_linux:python-plist |
| canonical | ubuntu_linux | 14.04 | cpe:/o:canonical:ubuntu_linux:14.04:-:lts |
| canonical | ubuntu_linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04:-:lts |
| canonical | ubuntu_linux | libplist%2b%2b-dev | p-cpe:/a:canonical:ubuntu_linux:libplist%2b%2b-dev |
| canonical | ubuntu_linux | libplist%2b%2b1 | p-cpe:/a:canonical:ubuntu_linux:libplist%2b%2b1 |
| canonical | ubuntu_linux | libplist%2b%2b3v5 | p-cpe:/a:canonical:ubuntu_linux:libplist%2b%2b3v5 |
| canonical | ubuntu_linux | libplist-dev | p-cpe:/a:canonical:ubuntu_linux:libplist-dev |
Related
ubuntu
ubuntu
Libplist vulnerability
2017-09-25 00:00:00
cve
cve
CVE-2017-7982
2017-04-20 14:59:00
cvelist
cvelist
CVE-2017-7982
2017-04-20 14:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3429-1)
2018-10-26 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1368-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:1379-1)
2021-04-19 00:00:00
prion
prion
Integer overflow
2017-04-20 14:59:00
debiancve
debiancve
CVE-2017-7982
2017-04-20 14:59:00
nvd
nvd
CVE-2017-7982
2017-04-20 14:59:00
redhatcve
redhatcve
CVE-2017-7982
2017-04-26 09:18:05
osv
osv
CVE-2017-7982
2017-04-20 14:59:00
libplist - security update
2020-04-02 00:00:00
ubuntucve
ubuntucve
CVE-2017-7982
2017-04-20 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1874
2021-07-02 17:14:57
Advisory ROSA-SA-2021-1883
2021-07-02 17:15:45
nessus
nessus
openSUSE Security Update : libplist (openSUSE-2017-627)
2017-05-30 00:00:00
SUSE SLED12 / SLES12 Security Update : libplist (SUSE-SU-2017:1379-1)
2017-05-24 00:00:00
SUSE SLED12 / SLES12 Security Update : libplist (SUSE-SU-2017:1368-1)
2017-05-23 00:00:00
debian
debian
[SECURITY] [DLA 2168-1] libplist security update
2020-04-02 08:02:22
mageia
mageia
Updated libplist packages fix security vulnerability
2018-01-03 13:32:10
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
58.7%
Related for UBUNTU_USN-3429-1.NASL