Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5448-1.NASL
HistoryMay 27, 2022 - 12:00 a.m.

Ubuntu 16.04 ESM : ncurses vulnerabilities (USN-5448-1)

2022-05-2700:00:00
Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5448-1 advisory.

  • In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. (CVE-2017-10684)

  • In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. (CVE-2017-10685)

  • In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. (CVE-2017-11112)

  • In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. (CVE-2017-11113)

  • There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. (CVE-2017-13728)

  • There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. (CVE-2017-13729)

  • There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. (CVE-2017-13730)

  • There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. (CVE-2017-13731)

  • There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. (CVE-2017-13732)

  • There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. (CVE-2017-13733)

  • There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. (CVE-2017-13734)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5448-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(161634);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/10");

  script_cve_id(
    "CVE-2017-10684",
    "CVE-2017-10685",
    "CVE-2017-11112",
    "CVE-2017-11113",
    "CVE-2017-13728",
    "CVE-2017-13729",
    "CVE-2017-13730",
    "CVE-2017-13731",
    "CVE-2017-13732",
    "CVE-2017-13733",
    "CVE-2017-13734"
  );
  script_xref(name:"USN", value:"5448-1");

  script_name(english:"Ubuntu 16.04 ESM : ncurses vulnerabilities (USN-5448-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in
the USN-5448-1 advisory.

  - In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will
    lead to a remote arbitrary code execution attack. (CVE-2017-10684)

  - In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will
    lead to a remote arbitrary code execution attack. (CVE-2017-10685)

  - In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of
    tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is
    used to process untrusted terminfo data. (CVE-2017-11112)

  - In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of
    tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is
    used to process untrusted terminfo data. (CVE-2017-11113)

  - There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A
    crafted input will lead to a remote denial of service attack. (CVE-2017-13728)

  - There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will
    lead to a remote denial of service attack. (CVE-2017-13729)

  - There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0
    that might lead to a remote denial of service attack. (CVE-2017-13730)

  - There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0
    that will lead to a remote denial of service attack. (CVE-2017-13731)

  - There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that
    might lead to a remote denial of service attack. (CVE-2017-13732)

  - There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that
    might lead to a remote denial of service attack. (CVE-2017-13733)

  - There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will
    lead to a remote denial of service attack. (CVE-2017-13734)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5448-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10685");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncurses5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncurses5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncursesw5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32ncursesw5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32tinfo-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32tinfo5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64ncurses5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64ncurses5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64tinfo5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncurses5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncurses5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncursesw5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libncursesw5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtinfo-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtinfo5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32ncurses5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32ncurses5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32ncursesw5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32ncursesw5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32tinfo-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libx32tinfo5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ncurses-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ncurses-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ncurses-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ncurses-term");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'lib32ncurses5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'lib32ncurses5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'lib32ncursesw5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'lib32ncursesw5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'lib32tinfo-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'lib32tinfo5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'lib64ncurses5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'lib64ncurses5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'lib64tinfo5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libncurses5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libncurses5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libncursesw5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libncursesw5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libtinfo-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libtinfo5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libx32ncurses5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libx32ncurses5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libx32ncursesw5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libx32ncursesw5-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libx32tinfo-dev', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'libx32tinfo5', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'ncurses-base', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'ncurses-bin', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'ncurses-examples', 'pkgver': '6.0+20160213-1ubuntu1+esm1'},
    {'osver': '16.04', 'pkgname': 'ncurses-term', 'pkgver': '6.0+20160213-1ubuntu1+esm1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lib32ncurses5 / lib32ncurses5-dev / lib32ncursesw5 / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linuxlib32ncurses5p-cpe:/a:canonical:ubuntu_linux:lib32ncurses5
canonicalubuntu_linuxlib32ncurses5-devp-cpe:/a:canonical:ubuntu_linux:lib32ncurses5-dev
canonicalubuntu_linuxlib32ncursesw5p-cpe:/a:canonical:ubuntu_linux:lib32ncursesw5
canonicalubuntu_linuxlib32ncursesw5-devp-cpe:/a:canonical:ubuntu_linux:lib32ncursesw5-dev
canonicalubuntu_linuxlib32tinfo-devp-cpe:/a:canonical:ubuntu_linux:lib32tinfo-dev
canonicalubuntu_linuxlib32tinfo5p-cpe:/a:canonical:ubuntu_linux:lib32tinfo5
canonicalubuntu_linuxlib64ncurses5p-cpe:/a:canonical:ubuntu_linux:lib64ncurses5
canonicalubuntu_linuxlib64ncurses5-devp-cpe:/a:canonical:ubuntu_linux:lib64ncurses5-dev
canonicalubuntu_linuxlib64tinfo5p-cpe:/a:canonical:ubuntu_linux:lib64tinfo5
Rows per page:
1-10 of 261

Related

openvas 23
ubuntu 1
osv 12
nessus 25
gentoo 1
mageia 2
freebsd 1
ibm 7
suse 8
amazon 1
ubuntucve 11
redhatcve 11
photon 4
cve 11
prion 11
alpinelinux 11
debiancve 11
veracode 2
openvas
openvas
Ubuntu: Security Advisory (USN-5448-1)
2022-08-26 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2020-1528)
2020-04-30 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2020-1118)
2020-02-24 00:00:00
ubuntu
ubuntu
ncurses vulnerabilities
2022-05-26 00:00:00
osv
osv
ncurses vulnerabilities
2022-05-26 17:17:13
CVE-2017-13733
2017-08-29 06:29:00
CVE-2017-13731
2017-08-29 06:29:00
nessus
nessus
GLSA-201804-13 : ncurses: Multiple vulnerabilities
2018-04-18 00:00:00
SUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:0284-1)
2018-01-31 00:00:00
EulerOS 2.0 SP5 : ncurses (EulerOS-SA-2020-1118)
2020-02-24 00:00:00
gentoo
gentoo
ncurses: Multiple vulnerabilities
2018-04-17 00:00:00
mageia
mageia
Updated ncurses packages fix security vulnerabilities
2018-01-01 04:17:34
Updated ncurses packages fix security vulnerabilities
2018-01-01 04:17:34
freebsd
freebsd
ncurses -- multiple issues
2017-08-29 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Ncurses affect IBM Chassis Management Module (CMM)
2019-01-31 02:40:01
Security Bulletin: Vulnerabilities in Ncurses affect IBM BladeCenter Advanced Management Module (AMM)
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in Ncurses affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems
2023-04-14 14:32:25
suse
suse
Security update for ncurses (important)
2017-12-01 18:16:43
Recommended update for ncurses (important)
2017-07-06 15:12:50
Recommended update for ncurses (important)
2017-07-07 15:14:15
amazon
amazon
Medium: ncurses
2019-09-30 22:49:00
ubuntucve
ubuntucve
CVE-2017-10685
2017-06-29 00:00:00
CVE-2017-13731
2017-08-29 00:00:00
CVE-2017-13732
2017-08-29 00:00:00
redhatcve
redhatcve
CVE-2017-10685
2017-07-20 13:18:36
CVE-2017-13731
2017-09-06 13:19:09
CVE-2017-13732
2017-09-06 13:19:21
photon
photon
Important Photon OS Security Update - PHSA-2017-0054
2017-08-08 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0024
2017-07-13 00:00:00
Critical Photon OS Security Update - PHSA-2017-0093
2017-12-18 00:00:00
cve
cve
CVE-2017-13733
2017-08-29 06:29:00
CVE-2017-13731
2017-08-29 06:29:00
CVE-2017-13729
2017-08-29 06:29:00
prion
prion
Design/Logic Flaw
2017-08-29 06:29:00
Design/Logic Flaw
2017-08-29 06:29:00
Format string
2017-06-29 23:29:00
alpinelinux
alpinelinux
CVE-2017-13731
2017-08-29 06:29:00
CVE-2017-13733
2017-08-29 06:29:00
CVE-2017-13730
2017-08-29 06:29:00
debiancve
debiancve
CVE-2017-13731
2017-08-29 06:29:00
CVE-2017-13733
2017-08-29 06:29:00
CVE-2017-13728
2017-08-29 06:29:00
veracode
veracode
Remote Code Execution (RCE)
2020-05-10 23:27:33
Buffer Overflow
2020-05-10 23:27:32
JSON
Related for UBUNTU_USN-5448-1.NASL
openvas23ubuntu1osv12nessus25gentoo1mageia2freebsd1ibm7suse8amazon1ubuntucve11redhatcve11photon4cve11prion11alpinelinux11debiancve11veracode2