Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3640-1.NASL
HistoryMay 09, 2018 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS : WebKitGTK+ vulnerability (USN-3640-1)

2018-05-0900:00:00
Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain web content. If a user were tricked into viewing a malicious website, a remote attacker could possibly exploit this to execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3640-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(109649);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2018-4200");
  script_xref(name:"USN", value:"3640-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : WebKitGTK+ vulnerability (USN-3640-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Ivan Fratric discovered that WebKitGTK+ incorrectly handled certain
web content. If a user were tricked into viewing a malicious website,
a remote attacker could possibly exploit this to execute arbitrary
code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3640-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4200");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gir1.2-webkit2-4.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.20.2-0ubuntu0.16.04.1'},
    {'osver': '16.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.20.2-0ubuntu0.16.04.1'},
    {'osver': '16.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.20.2-0ubuntu0.16.04.1'},
    {'osver': '16.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.20.2-0ubuntu0.16.04.1'},
    {'osver': '16.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.20.2-0ubuntu0.16.04.1'},
    {'osver': '16.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.20.2-0ubuntu0.16.04.1'},
    {'osver': '16.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.20.2-0ubuntu0.16.04.1'},
    {'osver': '16.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.20.2-0ubuntu0.16.04.1'},
    {'osver': '18.04', 'pkgname': 'gir1.2-javascriptcoregtk-4.0', 'pkgver': '2.20.2-0ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'gir1.2-webkit2-4.0', 'pkgver': '2.20.2-0ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-18', 'pkgver': '2.20.2-0ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-bin', 'pkgver': '2.20.2-0ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libjavascriptcoregtk-4.0-dev', 'pkgver': '2.20.2-0ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37', 'pkgver': '2.20.2-0ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-37-gtk2', 'pkgver': '2.20.2-0ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'libwebkit2gtk-4.0-dev', 'pkgver': '2.20.2-0ubuntu0.18.04.1'},
    {'osver': '18.04', 'pkgname': 'webkit2gtk-driver', 'pkgver': '2.20.2-0ubuntu0.18.04.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-webkit2-4.0 / etc');
}
VendorProductVersionCPE
canonicalubuntu_linuxlibjavascriptcoregtk-4.0-18p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18
canonicalubuntu_linuxlibjavascriptcoregtk-4.0-binp-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-bin
canonicalubuntu_linuxlibjavascriptcoregtk-4.0-devp-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-dev
canonicalubuntu_linuxlibwebkit2gtk-4.0-37p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37
canonicalubuntu_linuxlibwebkit2gtk-4.0-37-gtk2p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37-gtk2
canonicalubuntu_linuxlibwebkit2gtk-4.0-devp-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-dev
canonicalubuntu_linuxwebkit2gtk-driverp-cpe:/a:canonical:ubuntu_linux:webkit2gtk-driver
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxgir1.2-javascriptcoregtk-4.0p-cpe:/a:canonical:ubuntu_linux:gir1.2-javascriptcoregtk-4.0
Rows per page:
1-10 of 111

Related

checkpoint_advisories 1
prion 1
packetstorm 1
nessus 11
openvas 10
ubuntu 1
debiancve 1
redhatcve 1
cve 1
archlinux 1
fedora 3
zdt 2
ubuntucve 1
mageia 1
apple 10
centos 1
redhat 1
kaspersky 1
suse 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
KDE WebKit Use-after-free Memory Corruption (CVE-2018-4200)
2018-05-07 00:00:00
prion
prion
Memory corruption
2018-06-08 18:29:00
packetstorm
packetstorm
WebKit WebCore::jsElementScrollHeightGette Use-After-Free
2018-05-01 00:00:00
nessus
nessus
Fedora 27 : webkitgtk4 (2018-93ba62d099)
2018-05-16 00:00:00
Fedora 26 : webkitgtk4 (2018-6a9fea1b3a)
2018-05-23 00:00:00
Fedora 28 : webkit2gtk3 (2018-97c58e29e4)
2019-01-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3640-1)
2018-05-09 00:00:00
Fedora Update for webkit2gtk3 FEDORA-2018-97c58e29e4
2018-05-16 00:00:00
Fedora Update for webkitgtk4 FEDORA-2018-6a9fea1b3a
2018-05-22 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerability
2018-05-08 00:00:00
debiancve
debiancve
CVE-2018-4200
2018-06-08 18:29:00
redhatcve
redhatcve
CVE-2018-4200
2020-01-19 03:34:24
cve
cve
CVE-2018-4200
2018-06-08 18:29:00
archlinux
archlinux
[ASA-201805-9] webkit2gtk: arbitrary code execution
2018-05-13 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: webkitgtk4-2.20.2-1.fc27
2018-05-15 19:54:33
[SECURITY] Fedora 26 Update: webkitgtk4-2.20.2-1.fc26
2018-05-21 14:01:26
[SECURITY] Fedora 28 Update: webkit2gtk3-2.20.2-1.fc28
2018-05-11 21:15:57
zdt
zdt
WebKit WebCore::jsElementScrollHeightGette Use-After-Free Exploit
2018-05-02 00:00:00
WebKitGTK+ Memory Corruption / Code Execution Vulnerability
2018-05-09 00:00:00
ubuntucve
ubuntucve
CVE-2018-4200
2018-05-07 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2018-05-29 22:41:14
apple
apple
About the security content of Safari 11.1 - Apple Support
2018-05-02 04:46:36
About the security content of Safari 11.1
2018-04-24 00:00:00
About the security content of iOS 11.3.1
2018-04-24 00:00:00
centos
centos
PackageKit, accountsservice, adwaita, appstream, at, atk, baobab, bolt, brasero, cairo, cheese, clutter, compat, control, dconf, devhelp, ekiga, empathy, eog, evince, evolution, file, flatpak, folks, fontconfig, freetype, fribidi, fwupd, fwupdate, gcr, gdk, gdm, gedit, geoclue2, geocode, gjs, glade, glib, glib2, glibmm24, gnome, gnote, gobject, gom, google, grilo, gsettings, gspell, gssdp, gstreamer1, gtk, gtk3, gtksourceview3, gucharmap, gupnp, gvfs, harfbuzz, json, libappstream, libchamplain, libcroco, libgdata, libgee, libgepub, libgexiv2, libgnomekbd, libgovirt, libgtop2, libgweather, libgxps, libical, libmediaart, libosinfo, libpeas, librsvg2, libsecret, libsoup, libwayland, libwnck3, mozjs52, mutter, nautilus, openchange, osinfo, pango, poppler, python2, rest, rhythmbox, seahorse, shotwell, sushi, totem, upower, vala, valadoc, vino, vte, vte291, wayland, webkitgtk4, xdg, yelp, zenity security update
2018-11-15 18:43:07
redhat
redhat
(RHSA-2018:3140) Moderate: GNOME security, bug fix, and enhancement update
2018-10-30 04:22:45
kaspersky
kaspersky
KLA11282 Multiple vulnerabilities in Apple iTunes
2018-05-29 00:00:00
suse
suse
Security update for webkit2gtk3 (moderate)
2018-10-26 00:11:58
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2018-08-22 00:00:00
JSON
Related for UBUNTU_USN-3640-1.NASL
checkpoint_advisories1prion1packetstorm1nessus11openvas10ubuntu1debiancve1redhatcve1cve1archlinux1fedora3zdt2ubuntucve1mageia1apple10centos1redhat1kaspersky1suse1gentoo1