DATABASE RESOURCES PRICING ABOUT US

{"id": "OPENVAS:1361412562310872536", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for erlang FEDORA-2017-42ebcac2b5", "description": "The remote host is missing an update for the ", "published": "2017-04-01T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872536", "reporter": "Copyright (C) 2017 Greenbone Networks GmbH", "references": ["2017-42ebcac2b5", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZVYEWD2MVSRR3PHGRVKPM2J76KL23K3"], "cvelist": ["CVE-2016-10253"], "lastseen": "2019-05-29T18:34:33", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-10253"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-10253"]}, {"type": "fedora", "idList": ["FEDORA:9FD57606D249", "FEDORA:BE48360C596D", "FEDORA:C3BB760BCD74"]}, {"type": "ibm", "idList": ["B01E599C44FBFB3AE7B47D550565BCB6F8659C97777CA1F87C3B58C51580F4A6"]}, {"type": "nessus", "idList": ["FEDORA_2017-42EBCAC2B5.NASL", "FEDORA_2017-CBED8F4169.NASL", "FEDORA_2017-E2480C7F50.NASL", "OPENSUSE-2017-1358.NASL", "PHOTONOS_PHSA-2020-1_0-0289_ERLANG.NASL", "PHOTONOS_PHSA-2020-2_0-0231_ERLANG.NASL", "UBUNTU_USN-3571-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843449", "OPENVAS:1361412562310872535"]}, {"type": "photon", "idList": ["PHSA-2020-0231", "PHSA-2020-1.0-0289", "PHSA-2020-2.0-0231"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10253"]}, {"type": "ubuntu", "idList": ["USN-3571-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10253"]}, {"type": "veracode", "idList": ["VERACODE:28333"]}]}, "score": {"value": -0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2016-10253"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-10253"]}, {"type": "fedora", "idList": ["FEDORA:9FD57606D249", "FEDORA:BE48360C596D", "FEDORA:C3BB760BCD74"]}, {"type": "ibm", "idList": ["B01E599C44FBFB3AE7B47D550565BCB6F8659C97777CA1F87C3B58C51580F4A6"]}, {"type": "nessus", "idList": ["FEDORA_2017-42EBCAC2B5.NASL", "FEDORA_2017-CBED8F4169.NASL", "FEDORA_2017-E2480C7F50.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872535"]}, {"type": "photon", "idList": ["PHSA-2020-1.0-0289", "PHSA-2020-2.0-0231"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10253"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10253"]}]}, "exploitation": null, "vulnersScore": -0.1}, "pluginID": "1361412562310872536", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for erlang FEDORA-2017-42ebcac2b5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872536\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-01 06:39:34 +0200 (Sat, 01 Apr 2017)\");\n script_cve_id(\"CVE-2016-10253\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for erlang FEDORA-2017-42ebcac2b5\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'erlang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"erlang on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-42ebcac2b5\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZVYEWD2MVSRR3PHGRVKPM2J76KL23K3\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"erlang\", rpm:\"erlang~19.3~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "naslFamily": "Fedora Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1660032824, "score": 1660006281}, "_internal": {"score_hash": "fad9929691d0423a9a24ad5f0ea47ef1"}}

{"veracode": [{"lastseen": "2022-07-26T13:33:16", "description": "Erlang is vulnerable to buffer overflow. An attacker may use a malformed extpattern to indirectly specify an offset that is used as an array index. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-06T04:04:01", "type": "veracode", "title": "Buffer Overflow", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2022-04-19T18:13:38", "id": "VERACODE:28333", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-28333/summary", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-31T01:19:53", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: erlang-18.3.4.5-2.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2017-03-31T01:19:53", "id": "FEDORA:C3BB760BCD74", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6MG7AZPSDWFYYBHU7RJBZSGWPE5TTNVJ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-04-01T18:09:12", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: erlang-19.3-2.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2017-04-01T18:09:12", "id": "FEDORA:BE48360C596D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P4HYZENO3UZFAPKPXW34WV3US5VTXYHG/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-31T02:24:22", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: erlang-19.3-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2017-03-31T02:24:22", "id": "FEDORA:9FD57606D249", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4ZVYEWD2MVSRR3PHGRVKPM2J76KL23K3/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-01-31T14:31:58", "description": "An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-18T20:59:00", "type": "debiancve", "title": "CVE-2016-10253", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2017-03-18T20:59:00", "id": "DEBIANCVE:CVE-2016-10253", "href": "https://security-tracker.debian.org/tracker/CVE-2016-10253", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:03:45", "description": "An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled\nregular expressions is vulnerable to a heap overflow. Regular expressions\nusing a malformed extpattern can indirectly specify an offset that is used\nas an array index. This ordinal permits arbitrary regions within the\nerts_alloc arena to be both read and written to.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858313>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | upstream migrated to a new pcre version instead of using the proposed patch\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-18T00:00:00", "type": "ubuntucve", "title": "CVE-2016-10253", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2017-03-18T00:00:00", "id": "UB:CVE-2016-10253", "href": "https://ubuntu.com/security/CVE-2016-10253", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-01T00:00:00", "type": "openvas", "title": "Fedora Update for erlang FEDORA-2017-e2480c7f50", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10253"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872535", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872535", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for erlang FEDORA-2017-e2480c7f50\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872535\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-04-01 06:39:31 +0200 (Sat, 01 Apr 2017)\");\n script_cve_id(\"CVE-2016-10253\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for erlang FEDORA-2017-e2480c7f50\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'erlang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"erlang on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-e2480c7f50\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MG7AZPSDWFYYBHU7RJBZSGWPE5TTNVJ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"erlang\", rpm:\"erlang~18.3.4.5~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-15T00:00:00", "type": "openvas", "title": "Ubuntu Update for erlang USN-3571-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1693", "CVE-2017-1000385", "CVE-2016-10253", "CVE-2015-2774"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843449", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843449", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3571_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for erlang USN-3571-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843449\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-15 08:44:50 +0100 (Thu, 15 Feb 2018)\");\n script_cve_id(\"CVE-2014-1693\", \"CVE-2015-2774\", \"CVE-2016-10253\", \"CVE-2017-1000385\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for erlang USN-3571-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'erlang'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the Erlang FTP module\n incorrectly handled certain CRLF sequences. A remote attacker could possibly use\n this issue to inject arbitrary FTP commands. This issue only affected Ubuntu\n 14.04 LTS. (CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC\n padding bytes. A remote attacker could possibly use this issue to perform a\n padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04\n LTS. (CVE-2015-2774) It was discovered that Erlang incorrectly handled certain\n regular expressions. A remote attacker could possibly use this issue to cause\n Erlang to crash, resulting in a denial of service, or execute arbitrary code.\n This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253) Hanno Bck, Juraj\n Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly\n handled error reporting. A remote attacker could possibly use this issue to\n perform a variation of the Bleichenbacher attack and decrypt traffic or sign\n messages. (CVE-2017-1000385)\");\n script_tag(name:\"affected\", value:\"erlang on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3571-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3571-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"erlang\", ver:\"1:16.b.3-dfsg-1ubuntu2.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"erlang\", ver:\"1:20.0.4+dfsg-1ubuntu1.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"erlang\", ver:\"1:18.3-dfsg-1ubuntu3.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:54:05", "description": "An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-03-20T14:18:10", "type": "redhatcve", "title": "CVE-2016-10253", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2020-12-03T11:24:56", "id": "RH:CVE-2016-10253", "href": "https://access.redhat.com/security/cve/cve-2016-10253", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-11T15:11:19", "description": "An update of the erlang package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-22T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Erlang PHSA-2020-2.0-0231", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2020-04-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:erlang", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0231_ERLANG.NASL", "href": "https://www.tenable.com/plugins/nessus/135906", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0231. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135906);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/23\");\n\n script_cve_id(\"CVE-2016-10253\");\n\n script_name(english:\"Photon OS 2.0: Erlang PHSA-2020-2.0-0231\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the erlang package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-231.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:erlang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"erlang-19.3-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"erlang-debuginfo-19.3-3.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"erlang\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:22:19", "description": "Security fix for CVE-2016-10253\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-31T00:00:00", "type": "nessus", "title": "Fedora 24 : erlang (2017-e2480c7f50)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:erlang", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-E2480C7F50.NASL", "href": "https://www.tenable.com/plugins/nessus/99108", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-e2480c7f50.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99108);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10253\");\n script_xref(name:\"FEDORA\", value:\"2017-e2480c7f50\");\n\n script_name(english:\"Fedora 24 : erlang (2017-e2480c7f50)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-10253\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2480c7f50\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected erlang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:erlang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"erlang-18.3.4.5-2.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"erlang\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:11:50", "description": "An update of the erlang package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-28T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Erlang PHSA-2020-1.0-0289", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2020-04-29T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:erlang", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0289_ERLANG.NASL", "href": "https://www.tenable.com/plugins/nessus/136030", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0289. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136030);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/29\");\n\n script_cve_id(\"CVE-2016-10253\");\n\n script_name(english:\"Photon OS 1.0: Erlang PHSA-2020-1.0-0289\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the erlang package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-289.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-10253\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:erlang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"erlang-19.3-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"erlang-debuginfo-19.3-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"erlang\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:30:17", "description": "Security fix for CVE-2016-10253\n\n----\n\n - Ver. 19.3\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-17T00:00:00", "type": "nessus", "title": "Fedora 26 : erlang (2017-cbed8f4169)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:erlang", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-CBED8F4169.NASL", "href": "https://www.tenable.com/plugins/nessus/101719", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-cbed8f4169.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101719);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10253\");\n script_xref(name:\"FEDORA\", value:\"2017-cbed8f4169\");\n\n script_name(english:\"Fedora 26 : erlang (2017-cbed8f4169)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-10253\n\n----\n\n - Ver. 19.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-cbed8f4169\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected erlang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:erlang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"erlang-19.3-2.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"erlang\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:23:38", "description": "Security fix for CVE-2016-10253\n\n----\n\n - Ver. 19.3\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "Fedora 25 : erlang (2017-42ebcac2b5)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:erlang", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-42EBCAC2B5.NASL", "href": "https://www.tenable.com/plugins/nessus/99143", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-42ebcac2b5.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99143);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10253\");\n script_xref(name:\"FEDORA\", value:\"2017-42ebcac2b5\");\n\n script_name(english:\"Fedora 25 : erlang (2017-42ebcac2b5)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2016-10253\n\n----\n\n - Ver. 19.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-42ebcac2b5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected erlang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:erlang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"erlang-19.3-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"erlang\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:41:38", "description": "This update for erlang fixes security issues and bugs.\n\nThe following vulnerabilities were addressed :\n\n - CVE-2017-1000385: Harden against the Bleichenbacher attacher against RSA \n\n - CVE-2016-10253: Heap overflow through regular expressions (bsc#1030062)\n\nIn addition Erlang was updated to version 18.3.4.6, containing a number of upstream bug fixes and improvements.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : erlang (openSUSE-2017-1358) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253", "CVE-2017-1000385"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:erlang", "p-cpe:/a:novell:opensuse:erlang-debugger", "p-cpe:/a:novell:opensuse:erlang-debugger-src", "p-cpe:/a:novell:opensuse:erlang-debuginfo", "p-cpe:/a:novell:opensuse:erlang-debugsource", "p-cpe:/a:novell:opensuse:erlang-dialyzer", "p-cpe:/a:novell:opensuse:erlang-dialyzer-debuginfo", "p-cpe:/a:novell:opensuse:erlang-dialyzer-src", "p-cpe:/a:novell:opensuse:erlang-diameter", "p-cpe:/a:novell:opensuse:erlang-diameter-src", "p-cpe:/a:novell:opensuse:erlang-epmd", "p-cpe:/a:novell:opensuse:erlang-epmd-debuginfo", "p-cpe:/a:novell:opensuse:erlang-et", "p-cpe:/a:novell:opensuse:erlang-et-src", "p-cpe:/a:novell:opensuse:erlang-gs", "p-cpe:/a:novell:opensuse:erlang-gs-src", "p-cpe:/a:novell:opensuse:erlang-jinterface", "p-cpe:/a:novell:opensuse:erlang-jinterface-src", "p-cpe:/a:novell:opensuse:erlang-observer", "p-cpe:/a:novell:opensuse:erlang-observer-src", "p-cpe:/a:novell:opensuse:erlang-reltool", "p-cpe:/a:novell:opensuse:erlang-reltool-src", "p-cpe:/a:novell:opensuse:erlang-src", "p-cpe:/a:novell:opensuse:erlang-wx", "p-cpe:/a:novell:opensuse:erlang-wx-debuginfo", "p-cpe:/a:novell:opensuse:erlang-wx-src", "cpe:/o:novell:opensuse:42.2", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2017-1358.NASL", "href": "https://www.tenable.com/plugins/nessus/105241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1358.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105241);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10253\", \"CVE-2017-1000385\");\n\n script_name(english:\"openSUSE Security Update : erlang (openSUSE-2017-1358) (ROBOT)\");\n script_summary(english:\"Check for the openSUSE-2017-1358 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for erlang fixes security issues and bugs.\n\nThe following vulnerabilities were addressed :\n\n - CVE-2017-1000385: Harden against the Bleichenbacher\n attacher against RSA \n\n - CVE-2016-10253: Heap overflow through regular\n expressions (bsc#1030062)\n\nIn addition Erlang was updated to version 18.3.4.6, containing a\nnumber of upstream bug fixes and improvements.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030062\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected erlang packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-debugger\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-debugger-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-dialyzer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-dialyzer-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-dialyzer-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-diameter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-diameter-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-epmd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-epmd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-et-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-gs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-gs-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-jinterface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-jinterface-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-observer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-observer-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-reltool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-reltool-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-wx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-wx-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:erlang-wx-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-debugger-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-debugger-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-debuginfo-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-debugsource-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-dialyzer-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-dialyzer-debuginfo-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-dialyzer-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-diameter-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-diameter-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-epmd-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-epmd-debuginfo-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-et-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-et-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-gs-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-gs-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-jinterface-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-jinterface-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-observer-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-observer-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-reltool-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-reltool-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-wx-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-wx-debuginfo-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"erlang-wx-src-18.3.4.7-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-debugger-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-debugger-src-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-debuginfo-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-debugsource-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-dialyzer-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-dialyzer-debuginfo-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-dialyzer-src-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-diameter-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-diameter-src-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-epmd-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-epmd-debuginfo-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-et-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-et-src-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-gs-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-gs-src-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-jinterface-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-jinterface-src-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-observer-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-observer-src-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-reltool-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-reltool-src-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-src-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-wx-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-wx-debuginfo-18.3.4.7-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"erlang-wx-src-18.3.4.7-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"erlang / erlang-debugger / erlang-debugger-src / erlang-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-13T14:32:15", "description": "It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-1693)\n\nIt was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-2774)\n\nIt was discovered that Erlang incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Erlang to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-10253)\n\nHanno Bock, Juraj Somorovsky and Craig Young discovered that the Erlang otp TLS server incorrectly handled error reporting. A remote attacker could possibly use this issue to perform a variation of the Bleichenbacher attack and decrypt traffic or sign messages.\n(CVE-2017-1000385).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : erlang vulnerabilities (USN-3571-1) (ROBOT)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1693", "CVE-2015-2774", "CVE-2016-10253", "CVE-2017-1000385"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:erlang", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3571-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106838", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3571-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106838);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2014-1693\", \"CVE-2015-2774\", \"CVE-2016-10253\", \"CVE-2017-1000385\");\n script_xref(name:\"USN\", value:\"3571-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : erlang vulnerabilities (USN-3571-1) (ROBOT)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Erlang FTP module incorrectly handled\ncertain CRLF sequences. A remote attacker could possibly use this\nissue to inject arbitrary FTP commands. This issue only affected\nUbuntu 14.04 LTS. (CVE-2014-1693)\n\nIt was discovered that Erlang incorrectly checked CBC padding bytes. A\nremote attacker could possibly use this issue to perform a padding\noracle attack and decrypt traffic. This issue only affected Ubuntu\n14.04 LTS. (CVE-2015-2774)\n\nIt was discovered that Erlang incorrectly handled certain regular\nexpressions. A remote attacker could possibly use this issue to cause\nErlang to crash, resulting in a denial of service, or execute\narbitrary code. This issue only affected Ubuntu 16.04 LTS.\n(CVE-2016-10253)\n\nHanno Bock, Juraj Somorovsky and Craig Young discovered that the\nErlang otp TLS server incorrectly handled error reporting. A remote\nattacker could possibly use this issue to perform a variation of the\nBleichenbacher attack and decrypt traffic or sign messages.\n(CVE-2017-1000385).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3571-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected erlang package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:erlang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"erlang\", pkgver:\"1:16.b.3-dfsg-1ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"erlang\", pkgver:\"1:18.3-dfsg-1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"erlang\", pkgver:\"1:20.0.4+dfsg-1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"erlang\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:10:07", "description": "An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-03-18T20:59:00", "type": "cve", "title": "CVE-2016-10253", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253"], "modified": "2018-07-11T15:07:00", "cpe": ["cpe:/a:erlang:erlang\\/otp:19.0.7", "cpe:/a:erlang:erlang\\/otp:19.3.6", "cpe:/a:erlang:erlang\\/otp:18.3.4.2", "cpe:/a:erlang:erlang\\/otp:18.1.1", "cpe:/a:erlang:erlang\\/otp:19.3.4", "cpe:/a:erlang:erlang\\/otp:18.0.1", "cpe:/a:erlang:erlang\\/otp:18.3.4.3", "cpe:/a:erlang:erlang\\/otp:19.1.6.1", "cpe:/a:erlang:erlang\\/otp:19.3.2", "cpe:/a:erlang:erlang\\/otp:19.0.2", "cpe:/a:erlang:erlang\\/otp:19.3", "cpe:/a:erlang:erlang\\/otp:19.3.3", "cpe:/a:erlang:erlang\\/otp:18.3", "cpe:/a:erlang:erlang\\/otp:18.0", "cpe:/a:erlang:erlang\\/otp:19.0.3", "cpe:/a:erlang:erlang\\/otp:18.2.1", "cpe:/a:erlang:erlang\\/otp:18.1.2", "cpe:/a:erlang:erlang\\/otp:18.3.1", "cpe:/a:erlang:erlang\\/otp:19.3.5", "cpe:/a:erlang:erlang\\/otp:19.2", "cpe:/a:erlang:erlang\\/otp:18.2.4.1", "cpe:/a:erlang:erlang\\/otp:18.0.2", "cpe:/a:erlang:erlang\\/otp:18.1.5", "cpe:/a:erlang:erlang\\/otp:18.1.4", "cpe:/a:erlang:erlang\\/otp:18.1.3", "cpe:/a:erlang:erlang\\/otp:18.2", "cpe:/a:erlang:erlang\\/otp:18.0.3", "cpe:/a:erlang:erlang\\/otp:19.0.4", "cpe:/a:erlang:erlang\\/otp:18.3.3", "cpe:/a:erlang:erlang\\/otp:19.3.6.9", "cpe:/a:erlang:erlang\\/otp:19.1.1", "cpe:/a:erlang:erlang\\/otp:19.3.6.7", "cpe:/a:erlang:erlang\\/otp:19.3.6.6", "cpe:/a:erlang:erlang\\/otp:18.2.4", "cpe:/a:erlang:erlang\\/otp:18.3.4.4", "cpe:/a:erlang:erlang\\/otp:19.1", "cpe:/a:erlang:erlang\\/otp:18.3.2", "cpe:/a:erlang:erlang\\/otp:19.3.6.8", "cpe:/a:erlang:erlang\\/otp:18.2.3", "cpe:/a:erlang:erlang\\/otp:19.3.6.2", "cpe:/a:erlang:erlang\\/otp:19.2.3.1", "cpe:/a:erlang:erlang\\/otp:19.3.6.1", "cpe:/a:erlang:erlang\\/otp:19.2.1", "cpe:/a:erlang:erlang\\/otp:18.1", "cpe:/a:erlang:erlang\\/otp:18.2.2", "cpe:/a:erlang:erlang\\/otp:19.3.6.4", "cpe:/a:erlang:erlang\\/otp:18.3.4.5", "cpe:/a:erlang:erlang\\/otp:19.2.2", "cpe:/a:erlang:erlang\\/otp:19.0", "cpe:/a:erlang:erlang\\/otp:19.3.6.5", "cpe:/a:erlang:erlang\\/otp:19.1.5", "cpe:/a:erlang:erlang\\/otp:19.1.6", "cpe:/a:erlang:erlang\\/otp:18.3.4.1", "cpe:/a:erlang:erlang\\/otp:19.3.6.3", "cpe:/a:erlang:erlang\\/otp:19.1.4", "cpe:/a:erlang:erlang\\/otp:19.1.2", "cpe:/a:erlang:erlang\\/otp:19.0.1", "cpe:/a:erlang:erlang\\/otp:18.3.4", "cpe:/a:erlang:erlang\\/otp:19.0.5", "cpe:/a:erlang:erlang\\/otp:19.2.3", "cpe:/a:erlang:erlang\\/otp:19.3.1", "cpe:/a:erlang:erlang\\/otp:19.0.6", "cpe:/a:erlang:erlang\\/otp:19.1.3"], "id": "CVE-2016-10253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10253", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:erlang:erlang\\/otp:18.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.5:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.2.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.0:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:19.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:erlang:erlang\\/otp:18.1.1:*:*:*:*:*:*:*"]}], "ibm": [{"lastseen": "2022-06-28T21:58:43", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in erlang. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-1000385](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000385>)** \nDESCRIPTION:** Erlang/OTP could allow a remote attacker to obtain sensitive information, caused by an RSA Adaptive Chosen Ciphertext (Bleichenbacher) attack. By utilizing discrepancies in TLS error messages, an attacker could exploit this vulnerability to obtain the data in the encrypted messages once the TLS session has completed. Note: This vulnerability is also known as the ROBOT attack. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136240> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n \n**CVEID:** [CVE-2016-10253](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10253>)** \nDESCRIPTION:** Erlang/OTP is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by generation of compiled regular expressions. By using malformed extpattern, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126699> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 13.\n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n13 April 2018 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:42:48", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in erlang affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253", "CVE-2017-1000385"], "modified": "2018-06-18T01:42:48", "id": "B01E599C44FBFB3AE7B47D550565BCB6F8659C97777CA1F87C3B58C51580F4A6", "href": "https://www.ibm.com/support/pages/node/664777", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "photon": [{"lastseen": "2021-11-03T20:58:58", "description": "An update of {'sqlite', 'erlang'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-04-17T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-2.0-0231", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253", "CVE-2020-11655", "CVE-2020-11656"], "modified": "2020-04-17T00:00:00", "id": "PHSA-2020-2.0-0231", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-231", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:21:58", "description": "Updates of ['sqlite', 'erlang'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-17T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0231", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253", "CVE-2020-11655", "CVE-2020-11656"], "modified": "2020-04-17T00:00:00", "id": "PHSA-2020-0231", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-231", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T14:49:42", "description": "An update of {'haproxy', 'kubernetes', 'libvirt', 'nodejs10', 'file', 'sqlite-autoconf', 'nettle', 'erlang'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-04-21T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-1.0-0289", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10253", "CVE-2018-16869", "CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-20485", "CVE-2019-8904", "CVE-2019-8905", "CVE-2019-8906", "CVE-2019-8907", "CVE-2020-11100", "CVE-2020-11655", "CVE-2020-11656", "CVE-2020-8552", "CVE-2020-9327"], "modified": "2020-04-21T00:00:00", "id": "PHSA-2020-1.0-0289", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-289", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T13:10:41", "description": "## Releases\n\n * Ubuntu 17.10 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * erlang \\- Concurrent, real-time, distributed functional language\n\nIt was discovered that the Erlang FTP module incorrectly handled certain \nCRLF sequences. A remote attacker could possibly use this issue to inject \narbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2014-1693)\n\nIt was discovered that Erlang incorrectly checked CBC padding bytes. A \nremote attacker could possibly use this issue to perform a padding oracle \nattack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2015-2774)\n\nIt was discovered that Erlang incorrectly handled certain regular \nexpressions. A remote attacker could possibly use this issue to cause \nErlang to crash, resulting in a denial of service, or execute arbitrary \ncode. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-10253)\n\nHanno B\u00f6ck, Juraj Somorovsky and Craig Young discovered that the Erlang \notp TLS server incorrectly handled error reporting. A remote attacker could \npossibly use this issue to perform a variation of the Bleichenbacher attack \nand decrypt traffic or sign messages. (CVE-2017-1000385)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-14T00:00:00", "type": "ubuntu", "title": "Erlang vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1693", "CVE-2015-2774", "CVE-2016-10253", "CVE-2017-1000385"], "modified": "2018-02-14T00:00:00", "id": "USN-3571-1", "href": "https://ubuntu.com/security/notices/USN-3571-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}