Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3764-1.NASL
HistorySep 12, 2018 - 12:00 a.m.

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Zsh vulnerabilities (USN-3764-1)

2018-09-1200:00:00
Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-0502, CVE-2018-13259)

Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1100).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3764-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(117456);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/21");

  script_cve_id("CVE-2018-0502", "CVE-2018-1100", "CVE-2018-13259");
  script_xref(name:"USN", value:"3764-1");

  script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Zsh vulnerabilities (USN-3764-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"It was discovered that Zsh incorrectly handled certain scripts. An
attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-0502, CVE-2018-13259)

Richard Maciel Costa discovered that Zsh incorrectly handled certain
scripts. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2018-1100).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3764-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-13259");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zsh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zsh-beta");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zsh-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zsh-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:zsh-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '14.04', 'pkgname': 'zsh', 'pkgver': '5.0.2-3ubuntu6.3'},
    {'osver': '14.04', 'pkgname': 'zsh-beta', 'pkgver': '5.0.2-3ubuntu6.3'},
    {'osver': '14.04', 'pkgname': 'zsh-common', 'pkgver': '5.0.2-3ubuntu6.3'},
    {'osver': '14.04', 'pkgname': 'zsh-dev', 'pkgver': '5.0.2-3ubuntu6.3'},
    {'osver': '14.04', 'pkgname': 'zsh-static', 'pkgver': '5.0.2-3ubuntu6.3'},
    {'osver': '16.04', 'pkgname': 'zsh', 'pkgver': '5.1.1-1ubuntu2.3'},
    {'osver': '16.04', 'pkgname': 'zsh-common', 'pkgver': '5.1.1-1ubuntu2.3'},
    {'osver': '16.04', 'pkgname': 'zsh-dev', 'pkgver': '5.1.1-1ubuntu2.3'},
    {'osver': '16.04', 'pkgname': 'zsh-static', 'pkgver': '5.1.1-1ubuntu2.3'},
    {'osver': '18.04', 'pkgname': 'zsh', 'pkgver': '5.4.2-3ubuntu3.1'},
    {'osver': '18.04', 'pkgname': 'zsh-common', 'pkgver': '5.4.2-3ubuntu3.1'},
    {'osver': '18.04', 'pkgname': 'zsh-dev', 'pkgver': '5.4.2-3ubuntu3.1'},
    {'osver': '18.04', 'pkgname': 'zsh-static', 'pkgver': '5.4.2-3ubuntu3.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'zsh / zsh-beta / zsh-common / zsh-dev / zsh-static');
}
VendorProductVersionCPE
canonicalubuntu_linuxzshp-cpe:/a:canonical:ubuntu_linux:zsh
canonicalubuntu_linuxzsh-betap-cpe:/a:canonical:ubuntu_linux:zsh-beta
canonicalubuntu_linuxzsh-commonp-cpe:/a:canonical:ubuntu_linux:zsh-common
canonicalubuntu_linuxzsh-devp-cpe:/a:canonical:ubuntu_linux:zsh-dev
canonicalubuntu_linuxzsh-staticp-cpe:/a:canonical:ubuntu_linux:zsh-static
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts

Related

ubuntu 1
openvas 12
nessus 48
amazon 4
fedora 5
gentoo 2
archlinux 2
suse 3
osv 4
debian 1
centos 3
debiancve 3
cve 3
prion 3
redhatcve 3
ubuntucve 3
veracode 3
oraclelinux 3
redhat 3
photon 4
rosalinux 1
slackware 1
ubuntu
ubuntu
Zsh vulnerabilities
2018-09-11 00:00:00
openvas
openvas
Ubuntu Update for zsh USN-3764-1
2018-10-26 00:00:00
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2019-2235)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2019-2459)
2020-01-23 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : zsh (EulerOS-SA-2019-2235)
2019-11-08 00:00:00
Fedora 29 : zsh (2018-5ad8e216d2)
2019-01-03 00:00:00
SUSE SLED15 / SLES15 Security Update : zsh (SUSE-SU-2018:2686-1)
2019-01-02 00:00:00
amazon
amazon
Medium: zsh
2018-10-08 22:18:00
Medium: zsh
2019-09-13 22:56:00
Medium: zsh
2018-05-10 17:23:00
fedora
fedora
[SECURITY] Fedora 29 Update: zsh-5.6.2-1.fc29
2018-10-02 19:34:46
[SECURITY] Fedora 28 Update: zsh-5.5.1-2.fc28
2018-09-11 17:03:55
[SECURITY] Fedora 27 Update: zsh-5.4.1-4.fc27
2018-09-14 21:54:37
gentoo
gentoo
Zsh: User-assisted execution of arbitrary code
2019-03-10 00:00:00
Zsh: Multiple vulnerabilities
2018-05-26 00:00:00
archlinux
archlinux
[ASA-201809-3] zsh: insufficient validation
2018-09-24 00:00:00
[ASA-201804-5] zsh: arbitrary code execution
2018-04-11 00:00:00
suse
suse
Security update for zsh (important)
2018-09-17 12:13:49
Security update for zsh (important)
2018-10-02 12:07:57
Security update for zsh (moderate)
2018-07-06 00:07:46
osv
osv
zsh - security update
2020-11-30 00:00:00
CVE-2018-13259
2018-09-05 08:29:00
CVE-2018-1100
2018-04-11 19:29:01
debian
debian
[SECURITY] [DLA 2470-1] zsh security update
2020-12-01 03:35:30
centos
centos
zsh security update
2019-08-30 04:37:53
zsh security update
2018-06-21 11:56:17
zsh security update
2018-11-15 18:54:22
debiancve
debiancve
CVE-2018-13259
2018-09-05 08:29:00
CVE-2018-1100
2018-04-11 19:29:00
CVE-2018-0502
2018-09-05 08:29:00
cve
cve
CVE-2018-13259
2018-09-05 08:29:00
CVE-2018-1100
2018-04-11 19:29:00
CVE-2018-0502
2018-09-05 08:29:00
prion
prion
Design/Logic Flaw
2018-09-05 08:29:00
Design/Logic Flaw
2018-09-05 08:29:00
Stack overflow
2018-04-11 19:29:00
redhatcve
redhatcve
CVE-2018-13259
2018-09-06 17:49:30
CVE-2018-0502
2018-09-06 17:49:46
CVE-2018-1100
2018-04-03 21:19:03
ubuntucve
ubuntucve
CVE-2018-13259
2018-09-05 00:00:00
CVE-2018-0502
2018-09-05 00:00:00
CVE-2018-1100
2018-04-11 00:00:00
veracode
veracode
Arbitrary Command Execution
2019-08-08 00:07:10
Stack-Based Buffer Overflow
2019-05-16 03:01:47
Improper Input Validation
2020-12-06 04:32:39
oraclelinux
oraclelinux
zsh security and bug fix update
2019-08-13 00:00:00
zsh security update
2018-06-25 00:00:00
zsh security and bug fix update
2018-11-05 00:00:00
redhat
redhat
(RHSA-2019:2017) Moderate: zsh security and bug fix update
2019-08-06 07:50:39
(RHSA-2018:1932) Moderate: zsh security update
2018-06-19 02:12:48
(RHSA-2018:3073) Moderate: zsh security and bug fix update
2018-10-30 04:16:11
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0165
2019-06-20 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0050
2018-05-29 00:00:00
Critical Photon OS Security Update - PHSA-2018-0050
2018-05-29 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-2005
2021-07-02 18:22:15
slackware
slackware
[slackware-security] zsh
2019-01-14 04:33:07
JSON
Related for UBUNTU_USN-3764-1.NASL
ubuntu1openvas12nessus48amazon4fedora5gentoo2archlinux2suse3osv4debian1centos3debiancve3cve3prion3redhatcve3ubuntucve3veracode3oraclelinux3redhat3photon4rosalinux1slackware1