Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : GNU C Library vulnerabilities (USN-4416-1)

2020-07-07T00:00:00
ID UBUNTU_USN-4416-1.NASL
Type nessus
Reporter Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-07-07T00:00:00

Description

Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133) It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269) It was discovered that the GNU C Library incorrectly handled certain pathname operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11236) It was discovered that the GNU C Library incorrectly handled certain AVX-512-optimized mempcpy operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237) It was discovered that the GNU C Library incorrectly handled certain hostname loookups. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19591) Jakub Wilk discovered that the GNU C Library incorrectly handled certain memalign functions. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485) It was discovered that the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. A local attacker could use this issue to bypass ASLR restrictions. (CVE-2019-19126) It was discovered that the GNU C Library incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9169) It was discovered that the GNU C Library incorrectly handled certain bit patterns. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029) It was discovered that the GNU C Library incorrectly handled certain signal trampolines on PowerPC. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1751) It was discovered that the GNU C Library incorrectly handled tilde expansion. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1752).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4416-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(138166);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/12/07");

  script_cve_id("CVE-2017-12133", "CVE-2017-18269", "CVE-2018-11236", "CVE-2018-11237", "CVE-2018-19591", "CVE-2018-6485", "CVE-2019-19126", "CVE-2019-9169", "CVE-2020-10029", "CVE-2020-1751", "CVE-2020-1752");
  script_xref(name:"USN", value:"4416-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : GNU C Library vulnerabilities (USN-4416-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Florian Weimer discovered that the GNU C Library incorrectly handled
certain memory operations. A remote attacker could use this issue to
cause the GNU C Library to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 16.04
LTS. (CVE-2017-12133) It was discovered that the GNU C Library
incorrectly handled certain SSE2-optimized memmove operations. A
remote attacker could use this issue to cause the GNU C Library to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269) It
was discovered that the GNU C Library incorrectly handled certain
pathname operations. A remote attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or
possibly execute arbitrary code. This issue only affected Ubuntu 18.04
LTS. (CVE-2018-11236) It was discovered that the GNU C Library
incorrectly handled certain AVX-512-optimized mempcpy operations. A
remote attacker could use this issue to cause the GNU C Library to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237) It
was discovered that the GNU C Library incorrectly handled certain
hostname loookups. A remote attacker could use this issue to cause the
GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-19591) Jakub Wilk discovered that the GNU C Library
incorrectly handled certain memalign functions. A remote attacker
could use this issue to cause the GNU C Library to crash, resulting in
a denial of service, or possibly execute arbitrary code. This issue
only affected Ubuntu 16.04 LTS. (CVE-2018-6485) It was discovered that
the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC
environment variable after security transitions. A local attacker
could use this issue to bypass ASLR restrictions. (CVE-2019-19126) It
was discovered that the GNU C Library incorrectly handled certain
regular expressions. A remote attacker could possibly use this issue
to cause the GNU C Library to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2019-9169) It was discovered that the GNU C Library incorrectly
handled certain bit patterns. A remote attacker could use this issue
to cause the GNU C Library to crash, resulting in a denial of service,
or possibly execute arbitrary code. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029) It was discovered
that the GNU C Library incorrectly handled certain signal trampolines
on PowerPC. A remote attacker could use this issue to cause the GNU C
Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2020-1751) It was discovered that the GNU
C Library incorrectly handled tilde expansion. A remote attacker could
use this issue to cause the GNU C Library to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2020-1752).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4416-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected libc6 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9169");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04|18\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"libc6", pkgver:"2.23-0ubuntu11.2")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"libc6", pkgver:"2.27-3ubuntu1.2")) flag++;
if (ubuntu_check(osver:"19.10", pkgname:"libc6", pkgver:"2.30-0ubuntu2.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6");
}