Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5095-1.NASL
HistorySep 30, 2021 - 12:00 a.m.

Ubuntu 18.04 LTS / 20.04 LTS : Apache Commons IO vulnerability (USN-5095-1)

2021-09-3000:00:00
Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
50
JSON

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5095-1 advisory.

  • In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like //โ€ฆ/foo, or \โ€ฆ\foo, the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus limited path traversal), if the calling code would use the result to construct a path value. (CVE-2021-29425)

Note that Nessus has not tested for this issue but has instead relied only on the applicationโ€™s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5095-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(153788);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/16");

  script_cve_id("CVE-2021-29425");
  script_xref(name:"USN", value:"5095-1");

  script_name(english:"Ubuntu 18.04 LTS / 20.04 LTS : Apache Commons IO vulnerability (USN-5095-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced
in the USN-5095-1 advisory.

  - In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input
    string, like //../foo, or \\..\foo, the result would be the same value, thus possibly providing access
    to files in the parent directory, but not further above (thus limited path traversal), if the calling
    code would use the result to construct a path value. (CVE-2021-29425)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5095-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected libcommons-io-java package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-29425");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/09/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcommons-io-java");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '18.04', 'pkgname': 'libcommons-io-java', 'pkgver': '2.6-2ubuntu0.18.04.1'},
    {'osver': '20.04', 'pkgname': 'libcommons-io-java', 'pkgver': '2.6-2ubuntu0.20.04.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libcommons-io-java');
}
VendorProductVersionCPE
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linuxlibcommons-io-javap-cpe:/a:canonical:ubuntu_linux:libcommons-io-java

Related

ibm 45
suse 1
broadcom 1
ubuntucve 1
osv 3
openvas 5
nessus 20
veracode 1
github 1
amazon 1
attackerkb 1
redhatcve 1
ubuntu 1
prion 1
debian 1
debiancve 1
cve 1
redos 4
redhat 15
oracle 9
ibm
ibm
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Apache Commons ( CVE-2021-29425)
2021-07-14 18:25:14
Security Bulletin: Multiple vulnerabilities in Apache Commons IO affect IBM Application Performance Management products
2023-09-13 07:48:23
Security Bulletin: Vulberability in Apache commons io library affects IBM Engineering Test Management (ETM) (CVE-2021-29425)
2023-07-18 07:19:01
suse
suse
Security update for apache-commons-io (moderate)
2021-04-23 00:00:00
broadcom
broadcom
Apache Commons IO Vulnerability (CVE-2021-29425)
2023-12-18 00:00:00
ubuntucve
ubuntucve
CVE-2021-29425
2021-04-13 00:00:00
osv
osv
commons-io - security update
2021-08-12 00:00:00
commons-io vulnerability
2021-09-29 16:49:53
Path Traversal and Improper Input Validation in Apache Commons IO
2021-04-26 16:04:00
openvas
openvas
Debian: Security Advisory (DLA-2741-1)
2021-08-13 00:00:00
Ubuntu: Security Advisory (USN-5095-1)
2021-09-30 00:00:00
openSUSE: Security Advisory for apache-commons-io (openSUSE-SU-2021:0605-1)
2021-04-24 00:00:00
nessus
nessus
Amazon Linux 2 : apache-commons-io (ALAS-2023-2059)
2023-06-05 00:00:00
Debian DLA-2741-1 : commons-io - LTS security update
2021-08-19 00:00:00
openSUSE Security Update : apache-commons-io (openSUSE-2021-605)
2021-05-18 00:00:00
veracode
veracode
Directory Traversal
2021-04-13 06:39:15
github
github
Path Traversal and Improper Input Validation in Apache Commons IO
2021-04-26 16:04:00
amazon
amazon
Medium: apache-commons-io
2023-05-25 17:41:00
attackerkb
attackerkb
CVE-2021-29425
2021-04-13 00:00:00
redhatcve
redhatcve
CVE-2021-29425
2021-04-12 21:16:13
ubuntu
ubuntu
Apache Commons IO vulnerability
2021-09-29 00:00:00
prion
prion
Path traversal
2021-04-13 07:15:00
debian
debian
[SECURITY] [DLA 2741-1] commons-io security update
2021-08-12 20:18:44
debiancve
debiancve
CVE-2021-29425
2021-04-13 07:15:00
cve
cve
CVE-2021-29425
2021-04-13 07:15:00
redos
redos
ROS-2-604
2021-09-08 00:00:00
ROS-2-626
2021-09-08 00:00:00
ROS-2-582
2021-09-08 00:00:00
redhat
redhat
(RHSA-2021:2465) Moderate: Red Hat build of Eclipse Vert.x 4.1.0 security update
2021-07-07 06:25:26
(RHSA-2021:3466) Important: Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 6
2021-09-08 11:38:57
(RHSA-2021:3468) Important: Red Hat JBoss Enterprise Application Platform 7.3.9 security update on RHEL 8
2021-09-08 11:39:05
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
JSON
Related for UBUNTU_USN-5095-1.NASL
ibm45suse1broadcom1ubuntucve1osv3openvas5nessus20veracode1github1amazon1attackerkb1redhatcve1ubuntu1prion1debian1debiancve1cve1redos4redhat15oracle9