Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2020 Greenbone AGOPENVAS:1361412562310844529
HistoryAug 05, 2020 - 12:00 a.m.

Ubuntu: Security Advisory (USN-4449-1)

2020-08-0500:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
1

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.0%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.844529");
  script_cve_id("CVE-2020-11936", "CVE-2020-15701", "CVE-2020-15702");
  script_tag(name:"creation_date", value:"2020-08-05 03:00:37 +0000 (Wed, 05 Aug 2020)");
  script_version("2024-02-02T05:06:07+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"4.4");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2020-08-12 15:24:50 +0000 (Wed, 12 Aug 2020)");

  script_name("Ubuntu: Security Advisory (USN-4449-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2020 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|20\.04\ LTS)");

  script_xref(name:"Advisory-ID", value:"USN-4449-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-4449-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'apport' package(s) announced via the USN-4449-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Ryota Shiga working with Trend Micro's Zero Day Initiative, discovered that
Apport incorrectly dropped privileges when making certain D-Bus calls. A
local attacker could use this issue to read arbitrary files.
(CVE-2020-11936)

Seong-Joong Kim discovered that Apport incorrectly parsed configuration
files. A local attacker could use this issue to cause Apport to crash,
resulting in a denial of service. (CVE-2020-15701)

Ryota Shiga working with Trend Micro's Zero Day Initiative, discovered that
Apport incorrectly implemented certain checks. A local attacker could use
this issue to escalate privileges and run arbitrary code. (CVE-2020-15702)");

  script_tag(name:"affected", value:"'apport' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU16.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"apport", ver:"2.20.1-0ubuntu2.24", rls:"UBUNTU16.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python-apport", ver:"2.20.1-0ubuntu2.24", rls:"UBUNTU16.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python3-apport", ver:"2.20.1-0ubuntu2.24", rls:"UBUNTU16.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU18.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"apport", ver:"2.20.9-0ubuntu7.16", rls:"UBUNTU18.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python-apport", ver:"2.20.9-0ubuntu7.16", rls:"UBUNTU18.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python3-apport", ver:"2.20.9-0ubuntu7.16", rls:"UBUNTU18.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "UBUNTU20.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"apport", ver:"2.20.11-0ubuntu27.6", rls:"UBUNTU20.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"python3-apport", ver:"2.20.11-0ubuntu27.6", rls:"UBUNTU20.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

ubuntu 2
openvas 1
nessus 1
ubuntucve 3
cve 3
zdi 2
prion 2
ubuntu
ubuntu
Apport vulnerabilities
2020-08-04 00:00:00
Apport vulnerabilities
2020-09-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4449-2)
2022-08-26 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Apport vulnerabilities (USN-4449-1)
2020-08-06 00:00:00
ubuntucve
ubuntucve
CVE-2020-15702
2020-08-04 00:00:00
CVE-2020-11936
2020-08-04 00:00:00
CVE-2020-15701
2020-05-13 00:00:00
cve
cve
CVE-2020-15701
2020-08-06 23:15:00
CVE-2020-11936
2022-02-25 22:08:59
CVE-2020-15702
2020-08-06 23:15:00
zdi
zdi
Canonical Ubuntu apport Unnecessary Privileges Information Disclosure Vulnerability
2020-08-11 00:00:00
Canonical Ubuntu apport Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
2020-08-11 00:00:00
prion
prion
Code injection
2020-08-06 23:15:00
Race condition
2020-08-06 23:15:00

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.0%

JSON
Related for OPENVAS:1361412562310844529
ubuntu2openvas1nessus1ubuntucve3cve3zdi2prion2