Lucene search

HistoryJun 20, 2024 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)

2024-06-2000:00:00

www.tenable.com

ubuntu 16.04 lts

ubuntu 18.04 lts

ubuntu 20.04 lts

ubuntu 22.04 lts

gdb vulnerabilities

denial of service

incomplete fix

heap based buffer overflow

stack overflow

use after free

arbitrary code

cve-2022-4285

cve-2023-1972

cve-2023-39128

cve-2023-39129

cve-2023-39130

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6842-1 advisory.

It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An     attacker could possibly use this issue to cause a denial of service. This issue is the result of an     incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-4285)

It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker     could use this

issue to cause a denial of service, or possibly execute

arbitrary code. This issue only affected Ubuntu 22.04 LTS.

(CVE-2023-1972)

It was discovered that gdb incorrectly handled memory leading to a stack overflow. An attacker could     possibly use this issue to cause a denial of service. This issue only affected

Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

(CVE-2023-39128)

It was discovered that gdb had a use after free vulnerability under certain circumstances. An attacker     could use this to cause

a denial of service or possibly execute arbitrary code. This issue

only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS

and Ubuntu 22.04 LTS. (CVE-2023-39129)

It was discovered that gdb incorrectly handled memory leading to a

heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly     execute arbitrary code. This issue

only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39130)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6842-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(200771);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/20");

  script_cve_id(
    "CVE-2022-4285",
    "CVE-2023-1972",
    "CVE-2023-39128",
    "CVE-2023-39129",
    "CVE-2023-39130"
  );
  script_xref(name:"USN", value:"6842-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : gdb vulnerabilities (USN-6842-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by
multiple vulnerabilities as referenced in the USN-6842-1 advisory.

    It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An
    attacker could possibly use this issue to cause a denial of service. This issue is the result of an
    incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-4285)

    It was discovered that gdb incorrectly handled memory leading to a heap based buffer overflow. An attacker
    could use this

    issue to cause a denial of service, or possibly execute

    arbitrary code. This issue only affected Ubuntu 22.04 LTS.

    (CVE-2023-1972)

    It was discovered that gdb incorrectly handled memory leading to a stack overflow. An attacker could
    possibly use this issue to cause a denial of service. This issue only affected

    Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

    (CVE-2023-39128)

    It was discovered that gdb had a use after free vulnerability under certain circumstances. An attacker
    could use this to cause

    a denial of service or possibly execute arbitrary code. This issue

    only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS

    and Ubuntu 22.04 LTS. (CVE-2023-39129)

    It was discovered that gdb incorrectly handled memory leading to a

    heap based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly
    execute arbitrary code. This issue

    only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-39130)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6842-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-1972");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/06/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gdb-multiarch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gdb-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gdb64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gdbserver");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'gdb', 'pkgver': '7.11.1-0ubuntu1~16.5+esm1'},
    {'osver': '16.04', 'pkgname': 'gdb-multiarch', 'pkgver': '7.11.1-0ubuntu1~16.5+esm1'},
    {'osver': '16.04', 'pkgname': 'gdb-source', 'pkgver': '7.11.1-0ubuntu1~16.5+esm1'},
    {'osver': '16.04', 'pkgname': 'gdb64', 'pkgver': '7.11.1-0ubuntu1~16.5+esm1'},
    {'osver': '16.04', 'pkgname': 'gdbserver', 'pkgver': '7.11.1-0ubuntu1~16.5+esm1'},
    {'osver': '18.04', 'pkgname': 'gdb', 'pkgver': '8.1.1-0ubuntu1+esm1'},
    {'osver': '18.04', 'pkgname': 'gdb-multiarch', 'pkgver': '8.1.1-0ubuntu1+esm1'},
    {'osver': '18.04', 'pkgname': 'gdb-source', 'pkgver': '8.1.1-0ubuntu1+esm1'},
    {'osver': '18.04', 'pkgname': 'gdbserver', 'pkgver': '8.1.1-0ubuntu1+esm1'},
    {'osver': '20.04', 'pkgname': 'gdb', 'pkgver': '9.2-0ubuntu1~20.04.2'},
    {'osver': '20.04', 'pkgname': 'gdb-multiarch', 'pkgver': '9.2-0ubuntu1~20.04.2'},
    {'osver': '20.04', 'pkgname': 'gdb-source', 'pkgver': '9.2-0ubuntu1~20.04.2'},
    {'osver': '20.04', 'pkgname': 'gdbserver', 'pkgver': '9.2-0ubuntu1~20.04.2'},
    {'osver': '22.04', 'pkgname': 'gdb', 'pkgver': '12.1-0ubuntu1~22.04.2'},
    {'osver': '22.04', 'pkgname': 'gdb-multiarch', 'pkgver': '12.1-0ubuntu1~22.04.2'},
    {'osver': '22.04', 'pkgname': 'gdb-source', 'pkgver': '12.1-0ubuntu1~22.04.2'},
    {'osver': '22.04', 'pkgname': 'gdbserver', 'pkgver': '12.1-0ubuntu1~22.04.2'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gdb / gdb-multiarch / gdb-source / gdb64 / gdbserver');
}

VendorProductVersionCPE
canonicalubuntu_linuxgdbserverp-cpe:/a:canonical:ubuntu_linux:gdbserver
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linuxgdb-multiarchp-cpe:/a:canonical:ubuntu_linux:gdb-multiarch
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linuxgdbp-cpe:/a:canonical:ubuntu_linux:gdb
canonicalubuntu_linuxgdb64p-cpe:/a:canonical:ubuntu_linux:gdb64
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonicalubuntu_linuxgdb-sourcep-cpe:/a:canonical:ubuntu_linux:gdb-source

Vendor	Product	Version	CPE
canonical	ubuntu_linux	gdbserver	p-cpe:/a:canonical:ubuntu_linux:gdbserver
canonical	ubuntu_linux	20.04	cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonical	ubuntu_linux	16.04	cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonical	ubuntu_linux	gdb-multiarch	p-cpe:/a:canonical:ubuntu_linux:gdb-multiarch
canonical	ubuntu_linux	18.04	cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonical	ubuntu_linux	gdb	p-cpe:/a:canonical:ubuntu_linux:gdb
canonical	ubuntu_linux	gdb64	p-cpe:/a:canonical:ubuntu_linux:gdb64
canonical	ubuntu_linux	22.04	cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonical	ubuntu_linux	gdb-source	p-cpe:/a:canonical:ubuntu_linux:gdb-source