Lucene search
Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3727-1.NASLHistoryAug 02, 2018 - 12:00 a.m.
Ubuntu 14.04 LTS : Bouncy Castle vulnerabilities (USN-3727-1)
2018-08-0200:00:00
Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3727-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include('compat.inc');
if (description)
{
script_id(111512);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");
script_cve_id(
"CVE-2015-6644",
"CVE-2015-7940",
"CVE-2016-1000338",
"CVE-2016-1000339",
"CVE-2016-1000341",
"CVE-2016-1000342",
"CVE-2016-1000343",
"CVE-2016-1000345",
"CVE-2016-1000346"
);
script_xref(name:"USN", value:"3727-1");
script_name(english:"Ubuntu 14.04 LTS : Bouncy Castle vulnerabilities (USN-3727-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"It was discovered that Bouncy Castle incorrectly handled certain
crypto algorithms. A remote attacker could possibly use these issues
to obtain sensitive information, including private keys.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3727-1");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1000343");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/09");
script_set_attribute(attribute:"patch_publication_date", value:"2018/08/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbcmail-java");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbcpg-java");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbcpkix-java");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbcprov-java");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var pkgs = [
{'osver': '14.04', 'pkgname': 'libbcmail-java', 'pkgver': '1.49+dfsg-2ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'libbcpg-java', 'pkgver': '1.49+dfsg-2ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'libbcpkix-java', 'pkgver': '1.49+dfsg-2ubuntu0.1'},
{'osver': '14.04', 'pkgname': 'libbcprov-java', 'pkgver': '1.49+dfsg-2ubuntu0.1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : ubuntu_report_get()
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libbcmail-java / libbcpg-java / libbcpkix-java / libbcprov-java');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | libbcmail-java | p-cpe:/a:canonical:ubuntu_linux:libbcmail-java |
| canonical | ubuntu_linux | libbcpg-java | p-cpe:/a:canonical:ubuntu_linux:libbcpg-java |
| canonical | ubuntu_linux | libbcpkix-java | p-cpe:/a:canonical:ubuntu_linux:libbcpkix-java |
| canonical | ubuntu_linux | libbcprov-java | p-cpe:/a:canonical:ubuntu_linux:libbcprov-java |
| canonical | ubuntu_linux | 14.04 | cpe:/o:canonical:ubuntu_linux:14.04:-:lts |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6644
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
ubuntu.com/security/notices/USN-3727-1
Related
ubuntu
ubuntu
Bouncy Castle vulnerabilities
2018-08-01 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3727-1)
2018-08-02 00:00:00
Debian: Security Advisory (DLA-1418-1)
2018-07-09 00:00:00
openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2018:1689-1)
2018-06-15 00:00:00
nessus
nessus
Debian DLA-1418-1 : bouncycastle security update
2018-07-09 00:00:00
openSUSE Security Update : bouncycastle (openSUSE-2018-628)
2018-06-14 00:00:00
RHEL 7 : Satellite Server (RHSA-2018:2927)
2018-10-18 00:00:00
osv
osv
debian
debian
[SECURITY] [DLA 1418-1] bouncycastle security update
2018-07-07 13:56:34
[SECURITY] [DLA 893-1] bouncycastle security update
2017-04-10 19:16:42
[SECURITY] [DSA 3829-1] bouncycastle security update
2017-04-11 20:45:09
atlassian
atlassian
Upgrade Bouncy Castle to fix multiple CVEs
2020-02-21 08:37:09
Upgrade Bouncy Castle to fix multiple CVEs
2020-02-21 08:37:09
suse
suse
Security update for bouncycastle (moderate)
2018-06-14 12:07:50
Security update for bouncycastle (important)
2015-11-04 17:17:31
ibm
ibm
mageia
mageia
Updated bouncycastle packages fix security vulnerabilities
2018-09-21 02:17:55
Updated bouncycastle packages fix security vulnerability
2015-12-28 22:23:26
redhat
redhat
(RHSA-2018:2669) Important: Fuse 7.1 security update
2018-09-11 07:52:48
veracode
veracode
Information Diclosure
2017-01-16 02:25:51
Side Channel Leakage
2017-01-16 04:04:19
Partial Key Validation
2017-01-13 09:33:49
cve
cve
CVE-2016-1000342
2018-06-04 13:29:00
CVE-2016-1000346
2018-06-04 21:29:00
CVE-2016-1000343
2018-06-04 13:29:00
github
github
prion
prion
Design/Logic Flaw
2018-06-04 13:29:00
Code injection
2018-06-04 21:29:00
Design/Logic Flaw
2018-06-04 13:29:00
debiancve
debiancve
CVE-2016-1000341
2018-06-04 13:29:00
CVE-2016-1000343
2018-06-04 13:29:00
CVE-2016-1000342
2018-06-04 13:29:00
redhatcve
redhatcve
CVE-2016-1000339
2018-06-07 18:18:53
CVE-2016-1000346
2018-06-07 05:49:06
CVE-2016-1000343
2018-06-07 18:49:11
ubuntucve
ubuntucve
CVE-2016-1000346
2018-06-04 00:00:00
CVE-2016-1000342
2018-06-04 00:00:00
CVE-2016-1000341
2018-06-04 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: bouncycastle-1.52-9.fc24
2017-05-02 00:24:48
[SECURITY] Fedora 22 Update: bouncycastle-1.50-8.fc22
2016-01-04 19:58:14
f5
f5
K10105323 : Java Bouncy Castle vulnerability CVE-2015-7940
2018-05-22 00:00:00
androidsecurity
androidsecurity
Nexus Security Bulletin—January 2016
2016-01-04 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Related for UBUNTU_USN-3727-1.NASL