Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-986-1.NASL
HistorySep 21, 2010 - 12:00 a.m.

Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : bzip2 vulnerability (USN-986-1)

2010-09-2100:00:00
Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

An integer overflow was discovered in bzip2. If a user or automated system were tricked into decompressing a crafted bz2 file, an attacker could cause bzip2 or any application linked against libbz2 to crash or possibly execute code as the user running the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-986-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(49303);
  script_version("1.20");
  script_cvs_date("Date: 2019/09/19 12:54:26");

  script_cve_id("CVE-2010-0405");
  script_xref(name:"USN", value:"986-1");
  script_xref(name:"IAVB", value:"2010-B-0083");

  script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : bzip2 vulnerability (USN-986-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An integer overflow was discovered in bzip2. If a user or automated
system were tricked into decompressing a crafted bz2 file, an attacker
could cause bzip2 or any application linked against libbz2 to crash or
possibly execute code as the user running the program.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/986-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:bzip2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:bzip2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32bz2-1.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib32bz2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64bz2-1.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:lib64bz2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbz2-1.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbz2-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(6\.06|8\.04|9\.04|9\.10|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 9.04 / 9.10 / 10.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"bzip2", pkgver:"1.0.3-0ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"lib32bz2-1.0", pkgver:"1.0.3-0ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"lib32bz2-dev", pkgver:"1.0.3-0ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"lib64bz2-1.0", pkgver:"1.0.3-0ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"lib64bz2-dev", pkgver:"1.0.3-0ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libbz2-1.0", pkgver:"1.0.3-0ubuntu2.2")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"libbz2-dev", pkgver:"1.0.3-0ubuntu2.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"bzip2", pkgver:"1.0.4-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"bzip2-doc", pkgver:"1.0.4-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"lib32bz2-1.0", pkgver:"1.0.4-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"lib32bz2-dev", pkgver:"1.0.4-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"lib64bz2-1.0", pkgver:"1.0.4-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"lib64bz2-dev", pkgver:"1.0.4-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libbz2-1.0", pkgver:"1.0.4-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"libbz2-dev", pkgver:"1.0.4-2ubuntu4.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"bzip2", pkgver:"1.0.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"bzip2-doc", pkgver:"1.0.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"lib32bz2-1.0", pkgver:"1.0.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"lib32bz2-dev", pkgver:"1.0.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"lib64bz2-1.0", pkgver:"1.0.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"lib64bz2-dev", pkgver:"1.0.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libbz2-1.0", pkgver:"1.0.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"9.04", pkgname:"libbz2-dev", pkgver:"1.0.5-1ubuntu1.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"bzip2", pkgver:"1.0.5-3ubuntu0.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"bzip2-doc", pkgver:"1.0.5-3ubuntu0.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"lib32bz2-1.0", pkgver:"1.0.5-3ubuntu0.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"lib32bz2-dev", pkgver:"1.0.5-3ubuntu0.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"lib64bz2-1.0", pkgver:"1.0.5-3ubuntu0.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"lib64bz2-dev", pkgver:"1.0.5-3ubuntu0.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libbz2-1.0", pkgver:"1.0.5-3ubuntu0.1")) flag++;
if (ubuntu_check(osver:"9.10", pkgname:"libbz2-dev", pkgver:"1.0.5-3ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"bzip2", pkgver:"1.0.5-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"bzip2-doc", pkgver:"1.0.5-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"lib32bz2-1.0", pkgver:"1.0.5-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"lib32bz2-dev", pkgver:"1.0.5-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"lib64bz2-1.0", pkgver:"1.0.5-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"lib64bz2-dev", pkgver:"1.0.5-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libbz2-1.0", pkgver:"1.0.5-4ubuntu0.1")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"libbz2-dev", pkgver:"1.0.5-4ubuntu0.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bzip2 / bzip2-doc / lib32bz2-1.0 / lib32bz2-dev / lib64bz2-1.0 / etc");
}
VendorProductVersionCPE
canonicalubuntu_linuxbzip2p-cpe:/a:canonical:ubuntu_linux:bzip2
canonicalubuntu_linuxbzip2-docp-cpe:/a:canonical:ubuntu_linux:bzip2-doc
canonicalubuntu_linuxlib32bz2-1.0p-cpe:/a:canonical:ubuntu_linux:lib32bz2-1.0
canonicalubuntu_linuxlib32bz2-devp-cpe:/a:canonical:ubuntu_linux:lib32bz2-dev
canonicalubuntu_linuxlib64bz2-1.0p-cpe:/a:canonical:ubuntu_linux:lib64bz2-1.0
canonicalubuntu_linuxlib64bz2-devp-cpe:/a:canonical:ubuntu_linux:lib64bz2-dev
canonicalubuntu_linuxlibbz2-1.0p-cpe:/a:canonical:ubuntu_linux:libbz2-1.0
canonicalubuntu_linuxlibbz2-devp-cpe:/a:canonical:ubuntu_linux:libbz2-dev
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts
canonicalubuntu_linux6.06cpe:/o:canonical:ubuntu_linux:6.06:-:lts
Rows per page:
1-10 of 131

Related

openvas 45
nessus 38
osv 1
oraclelinux 2
redhat 2
f5 2
fedora 7
freebsd_advisory 1
debiancve 1
ubuntu 3
freebsd 1
veracode 1
centos 1
ibm 1
slackware 1
debian 2
cve 1
altlinux 1
securityvulns 6
prion 1
gentoo 2
ubuntucve 1
vmware 4
openvas
openvas
Gentoo Security Advisory GLSA 201301-05
2015-09-29 00:00:00
RedHat Update for bzip2 RHSA-2010:0703-01
2010-09-22 00:00:00
Fedora Update for clamav FEDORA-2010-17439
2010-11-23 00:00:00
nessus
nessus
CentOS 3 / 4 / 5 : bzip2 (CESA-2010:0703)
2010-09-22 00:00:00
GLSA-201301-05 : bzip2: User-assisted execution of arbitrary code
2013-01-09 00:00:00
Fedora 14 : bzip2-1.0.6-1.fc14 (2010-15106)
2010-09-27 00:00:00
osv
osv
bzip2 - integer overflow
2010-09-20 00:00:00
oraclelinux
oraclelinux
bzip2 security update
2010-09-20 00:00:00
bzip2 security update
2011-02-10 00:00:00
redhat
redhat
(RHSA-2010:0858) Important: bzip2 security update
2010-11-10 00:00:00
(RHSA-2010:0703) Important: bzip2 security update
2010-09-20 00:00:00
f5
f5
K15878 : bzip2 vulnerability CVE-2010-0405
2014-11-27 00:00:00
SOL15878 - bzip2 vulnerability CVE-2010-0405
2014-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: bzip2-1.0.6-1.fc14
2010-09-25 05:35:13
[SECURITY] Fedora 13 Update: clamav-0.96.4-1300.fc13
2010-11-22 22:15:40
[SECURITY] Fedora 12 Update: bzip2-1.0.6-1.fc12
2010-11-23 21:53:55
freebsd_advisory
freebsd_advisory
FreeBSD-SA-10:08.bzip2
2010-09-20 00:00:00
debiancve
debiancve
CVE-2010-0405
2010-09-28 18:00:00
ubuntu
ubuntu
dpkg vulnerability
2010-09-20 00:00:00
ClamAV vulnerability
2010-09-20 00:00:00
bzip2 vulnerability
2010-09-20 00:00:00
freebsd
freebsd
bzip2 -- integer overflow vulnerability
2010-09-21 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:48:32
centos
centos
bzip2 security update
2010-09-21 09:46:58
ibm
ibm
Security Bulletin: Vulnerability in bzip2 and libbzip2 before affects IBM License Metric Tool and IBM BigFix Inventory (CVE-2010-0405)
2022-08-19 23:26:06
slackware
slackware
[slackware-security] bzip2
2010-09-20 21:32:17
debian
debian
[SECURITY] [DSA-2112-1] New bzip2 packages fix integer overflow
2010-09-20 11:05:59
[SECURITY] [DSA-2112-1] New bzip2 packages fix integer overflow
2010-09-20 11:05:59
cve
cve
CVE-2010-0405
2010-09-28 18:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package bzip2 version 1:1.0.6-alt1
2010-09-20 00:00:00
securityvulns
securityvulns
bzip2 integer overflow
2010-09-20 00:00:00
[USN-986-1] bzip2 vulnerability
2010-09-20 00:00:00
VMSA-20120005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-20 00:00:00
prion
prion
Integer overflow
2010-09-28 18:00:00
gentoo
gentoo
bzip2: User-assisted execution of arbitrary code
2013-01-09 00:00:00
Clam AntiVirus: Multiple vulnerabilities
2011-10-24 00:00:00
ubuntucve
ubuntucve
CVE-2010-0405
2010-09-20 00:00:00
vmware
vmware
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware ESX third party updates for Service Console
2010-12-07 00:00:00
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
2012-03-15 00:00:00
JSON
Related for UBUNTU_USN-986-1.NASL
openvas45nessus38osv1oraclelinux2redhat2f52fedora7freebsd_advisory1debiancve1ubuntu3freebsd1veracode1centos1ibm1slackware1debian2cve1altlinux1securityvulns6prion1gentoo2ubuntucve1vmware4