Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:13614125623114202016621HistoryApr 19, 2021 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2020:1662-1)
2021-04-1900:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
4
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.2 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2020.1662.1");
script_cve_id("CVE-2020-10543", "CVE-2020-10878", "CVE-2020-12723");
script_tag(name:"creation_date", value:"2021-04-19 00:00:00 +0000 (Mon, 19 Apr 2021)");
script_version("2024-02-02T14:37:50+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:50 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-06-09 14:01:10 +0000 (Tue, 09 Jun 2020)");
script_name("SUSE: Security Advisory (SUSE-SU-2020:1662-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP2|SLES12\.0SP3|SLES12\.0SP4|SLES12\.0SP5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2020:1662-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2020/suse-su-20201662-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'perl' package(s) announced via the SUSE-SU-2020:1662-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for perl fixes the following issues:
CVE-2020-10543: Fixed a heap buffer overflow in regular expression
compiler which could have allowed overwriting of allocated memory with
attacker's data (bsc#1171863).
CVE-2020-10878: Fixed multiple integer overflows which could have
allowed the insertion of instructions into the compiled form of Perl
regular expression (bsc#1171864).
CVE-2020-12723: Fixed an attacker's corruption of the intermediate
language state of a compiled regular expression (bsc#1171866).
Fixed utf8 handling in perldoc by useing 'term' instead of 'man'
(bsc#1170601).
Some packages make assumptions about the date and time they are built.
This update will solve the issues caused by calling the perl function
timelocal expressing the year with two digit only instead of four
digits. (bsc#1102840) (bsc#1160039)");
script_tag(name:"affected", value:"'perl' package(s) on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"perl-32bit", rpm:"perl-32bit~5.18.2~12.23.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl", rpm:"perl~5.18.2~12.23.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-base", rpm:"perl-base~5.18.2~12.23.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-base-debuginfo", rpm:"perl-base-debuginfo~5.18.2~12.23.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debuginfo-32bit", rpm:"perl-debuginfo-32bit~5.18.2~12.23.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debuginfo", rpm:"perl-debuginfo~5.18.2~12.23.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debugsource", rpm:"perl-debugsource~5.18.2~12.23.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-doc", rpm:"perl-doc~5.18.2~12.23.1", rls:"SLES12.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP3") {
if(!isnull(res = isrpmvuln(pkg:"perl-32bit", rpm:"perl-32bit~5.18.2~12.23.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl", rpm:"perl~5.18.2~12.23.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-base", rpm:"perl-base~5.18.2~12.23.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-base-debuginfo", rpm:"perl-base-debuginfo~5.18.2~12.23.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debuginfo-32bit", rpm:"perl-debuginfo-32bit~5.18.2~12.23.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debuginfo", rpm:"perl-debuginfo~5.18.2~12.23.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debugsource", rpm:"perl-debugsource~5.18.2~12.23.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-doc", rpm:"perl-doc~5.18.2~12.23.1", rls:"SLES12.0SP3"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"perl-32bit", rpm:"perl-32bit~5.18.2~12.23.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl", rpm:"perl~5.18.2~12.23.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-base", rpm:"perl-base~5.18.2~12.23.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-base-debuginfo", rpm:"perl-base-debuginfo~5.18.2~12.23.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debuginfo-32bit", rpm:"perl-debuginfo-32bit~5.18.2~12.23.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debuginfo", rpm:"perl-debuginfo~5.18.2~12.23.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debugsource", rpm:"perl-debugsource~5.18.2~12.23.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-doc", rpm:"perl-doc~5.18.2~12.23.1", rls:"SLES12.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES12.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"perl-32bit", rpm:"perl-32bit~5.18.2~12.23.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl", rpm:"perl~5.18.2~12.23.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-base", rpm:"perl-base~5.18.2~12.23.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-base-debuginfo", rpm:"perl-base-debuginfo~5.18.2~12.23.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debuginfo-32bit", rpm:"perl-debuginfo-32bit~5.18.2~12.23.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debuginfo", rpm:"perl-debuginfo~5.18.2~12.23.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-debugsource", rpm:"perl-debugsource~5.18.2~12.23.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-doc", rpm:"perl-doc~5.18.2~12.23.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
ibm
ibm
openvas
openvas
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2020-1894)
2020-08-31 00:00:00
Ubuntu: Security Advisory (USN-4602-1)
2020-10-27 00:00:00
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2021-1621)
2021-03-12 00:00:00
nessus
nessus
Photon OS 3.0: Perl PHSA-2020-3.0-0104
2020-06-25 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : perl Multiple Vulnerabilities (NS-SA-2021-0184)
2021-10-27 00:00:00
openSUSE Security Update : perl (openSUSE-2020-850)
2020-07-20 00:00:00
oraclelinux
oraclelinux
perl security update
2021-02-03 00:00:00
perl security update
2021-05-20 00:00:00
perl security and bug fix update
2021-05-25 00:00:00
osv
osv
perl vulnerabilities
2020-10-26 11:11:53
perl vulnerabilities
2020-10-27 14:02:08
Moderate: perl security and bug fix update
2021-05-18 05:49:06
redhat
redhat
(RHSA-2021:0883) Moderate: perl security update
2021-03-16 13:08:30
(RHSA-2021:1266) Moderate: perl security update
2021-04-20 11:21:48
(RHSA-2021:1032) Moderate: perl security update
2021-03-30 07:25:33
suse
suse
Security update for perl (important)
2020-06-23 00:00:00
gentoo
gentoo
Perl: Multiple vulnerabilities
2020-06-12 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: perl-5.30.3-453.fc32
2020-06-05 02:32:03
[SECURITY] Fedora 31 Update: perl-5.30.3-452.fc31
2020-06-16 01:19:13
mageia
mageia
Updated perl packages fix security vulnerability
2020-06-11 02:59:36
cloudfoundry
cloudfoundry
USN-4602-1: Perl vulnerabilities | Cloud Foundry
2021-03-09 00:00:00
aix
aix
There are vulnerabilities in Perl that affect AIX.
2020-12-09 16:36:39
ubuntu
ubuntu
Perl vulnerabilities
2020-10-27 00:00:00
Perl vulnerabilities
2020-10-26 00:00:00
amazon
amazon
Medium: perl
2021-02-19 01:26:00
centos
centos
perl security update
2021-02-04 01:04:16
almalinux
almalinux
Moderate: perl security and bug fix update
2021-05-18 05:49:06
Moderate: perl security update
2021-02-16 07:35:46
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0302
2020-06-23 00:00:00
Important Photon OS Security Update - PHSA-2020-0104
2020-06-23 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0104
2020-06-23 00:00:00
rocky
rocky
perl security and bug fix update
2021-05-18 05:49:06
veracode
veracode
Denial Of Service (DoS)
2020-08-06 21:34:50
Denial Of Service (DoS)
2020-08-06 21:34:46
Integer Overflow
2020-08-06 21:38:33
prion
prion
Integer overflow
2020-06-05 14:15:00
Buffer overflow
2020-06-05 15:15:00
Integer overflow
2020-06-05 14:15:00
debiancve
debiancve
nvd
nvd
ubuntucve
ubuntucve
cvelist
cvelist
cve
cve
cloudlinux
cloudlinux
Fixed CVE-2020-12723 in perl-5.10.1
2022-07-11 17:36:45
Fix of CVE: CVE-2020-10543
2021-09-22 16:31:04
Fix of CVE: CVE-2020-10878
2021-09-22 16:30:34
alpinelinux
alpinelinux
redhatcve
redhatcve
hackerone
hackerone
f5
f5
K40508224 : Perl vulnerability CVE-2020-10878
2022-02-03 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1949
2021-07-02 17:41:47
apple
apple
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
8.2 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.1%
Related for OPENVAS:13614125623114202016621