Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310833387HistoryMar 04, 2024 - 12:00 a.m.
openSUSE: Security Advisory for connman (openSUSE-SU-2022:10076-1)
2024-03-0400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
1
opensuse
security advisory
connman
cve-2022-32292
cve-2022-32293
update
package
vulnerability
heap overflow
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
88.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.833387");
script_version("2024-04-16T05:05:31+0000");
script_cve_id("CVE-2022-32292", "CVE-2022-32293");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2024-04-16 05:05:31 +0000 (Tue, 16 Apr 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-09 16:51:27 +0000 (Tue, 09 Aug 2022)");
script_tag(name:"creation_date", value:"2024-03-04 07:16:49 +0000 (Mon, 04 Mar 2024)");
script_name("openSUSE: Security Advisory for connman (openSUSE-SU-2022:10076-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSEBackportsSLE-15-SP4");
script_xref(name:"Advisory-ID", value:"openSUSE-SU-2022:10076-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/UWUYL7FE7EBPBC7ZEMY2Q5OKW2V6KZ5F");
script_tag(name:"summary", value:"The remote host is missing an update for the 'connman'
package(s) announced via the openSUSE-SU-2022:10076-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for connman fixes the following issues:
- CVE-2022-32292: Add refcounting to wispr portal detection to avoid heap
overflow (boo#1200190)
- CVE-2022-32292: Fix OOB write in received_data (boo#1200189)");
script_tag(name:"affected", value:"'connman' package(s) on openSUSE Backports SLE-15-SP4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSEBackportsSLE-15-SP4") {
if(!isnull(res = isrpmvuln(pkg:"connman", rpm:"connman~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-client", rpm:"connman-client~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-devel", rpm:"connman-devel~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-doc", rpm:"connman-doc~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-nmcompat", rpm:"connman-nmcompat~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-iospm", rpm:"connman-plugin-iospm~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-l2tp", rpm:"connman-plugin-l2tp~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-openvpn", rpm:"connman-plugin-openvpn~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-polkit", rpm:"connman-plugin-polkit~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-pptp", rpm:"connman-plugin-pptp~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-wireguard", rpm:"connman-plugin-wireguard~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-test", rpm:"connman-test~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-vpnc", rpm:"connman-plugin-vpnc~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-hh2serial-gps", rpm:"connman-plugin-hh2serial-gps~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-tist", rpm:"connman-plugin-tist~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman", rpm:"connman~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-client", rpm:"connman-client~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-devel", rpm:"connman-devel~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-doc", rpm:"connman-doc~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-nmcompat", rpm:"connman-nmcompat~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-iospm", rpm:"connman-plugin-iospm~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-l2tp", rpm:"connman-plugin-l2tp~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-openvpn", rpm:"connman-plugin-openvpn~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-polkit", rpm:"connman-plugin-polkit~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-pptp", rpm:"connman-plugin-pptp~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-wireguard", rpm:"connman-plugin-wireguard~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-test", rpm:"connman-test~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-vpnc", rpm:"connman-plugin-vpnc~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-hh2serial-gps", rpm:"connman-plugin-hh2serial-gps~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"connman-plugin-tist", rpm:"connman-plugin-tist~1.41~bp154.2.3.1", rls:"openSUSEBackportsSLE-15-SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);Related
suse
suse
Security update for connman (critical)
2022-08-02 00:00:00
Security update for connman (critical)
2022-09-30 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3105-1)
2022-09-14 00:00:00
Mageia: Security Advisory (MGASA-2022-0319)
2022-09-07 00:00:00
Debian: Security Advisory (DSA-5231-1)
2022-09-20 00:00:00
nessus
nessus
Debian DLA-3105-1 : connman - LTS security update
2022-09-13 00:00:00
openSUSE 15 Security Update : connman (openSUSE-SU-2022:10076-1)
2022-08-03 00:00:00
openSUSE 15 Security Update : connman (openSUSE-SU-2022:10134-1)
2022-10-01 00:00:00
mageia
mageia
Updated connman packages fix security vulnerability
2022-09-07 08:27:53
debian
debian
[SECURITY] [DLA 3105-1] connman security update
2022-09-13 08:33:21
[SECURITY] [DSA 5231-1] connman security update
2022-09-17 15:55:45
[SECURITY] [DLA 3144-1] connman security update
2022-10-10 18:09:19
osv
osv
connman - security update
2022-09-13 00:00:00
connman - security update
2022-09-17 00:00:00
connman vulnerabilities
2023-07-19 08:45:49
prion
prion
Code injection
2022-08-03 14:15:00
Heap overflow
2022-08-03 14:15:00
debiancve
debiancve
CVE-2022-32293
2022-08-03 14:15:00
CVE-2022-32292
2022-08-03 14:15:00
zdi
zdi
veracode
veracode
Denial Of Service (DoS)
2022-08-31 11:02:25
Use-After-Free
2022-08-31 11:02:47
gentoo
gentoo
ConnMan: Multiple Vulnerabilities
2023-10-31 00:00:00
alpinelinux
alpinelinux
CVE-2022-32293
2022-08-03 14:15:00
CVE-2022-32292
2022-08-03 14:15:00
cve
cve
CVE-2022-32293
2022-08-03 14:15:00
CVE-2022-32292
2022-08-03 14:15:00
ubuntucve
ubuntucve
CVE-2022-32293
2022-08-03 00:00:00
CVE-2022-32292
2022-08-03 00:00:00
ubuntu
ubuntu
ConnMan vulnerabilities
2023-07-19 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
88.9%
Related for OPENVAS:1361412562310833387