Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202229911HistorySep 02, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:2991-1)
2022-09-0200:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
1
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
76.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.2991.1");
script_cve_id("CVE-2021-46828");
script_tag(name:"creation_date", value:"2022-09-02 04:52:13 +0000 (Fri, 02 Sep 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-08-01 16:51:11 +0000 (Mon, 01 Aug 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:2991-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0|SLES15\.0SP1|SLES15\.0SP2)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:2991-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20222991-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'libtirpc' package(s) announced via the SUSE-SU-2022:2991-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for libtirpc fixes the following issues:
CVE-2021-46828: Fixed an uncontrolled file descriptor consumption, which
could be exploited by remote attackers to prevent applications using the
library from accepting new connections (bsc#1201680).
Non-security fixes:
Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
Fix memory leak in params.r_addr assignment (bsc#1198752)");
script_tag(name:"affected", value:"'libtirpc' package(s) on SUSE CaaS Platform 4.0, SUSE Enterprise Storage 6, SUSE Enterprise Storage 7, SUSE Linux Enterprise High Performance Computing 15, SUSE Linux Enterprise High Performance Computing 15-SP1, SUSE Linux Enterprise High Performance Computing 15-SP2, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15-SP1, SUSE Linux Enterprise Server 15-SP2, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Linux Enterprise Server for SAP 15-SP2, SUSE Manager Proxy 4.1, SUSE Manager Retail Branch Server 4.1, SUSE Manager Server 4.1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0") {
if(!isnull(res = isrpmvuln(pkg:"libtirpc-debugsource", rpm:"libtirpc-debugsource~1.0.2~150000.3.18.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc-devel", rpm:"libtirpc-devel~1.0.2~150000.3.18.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc-netconfig", rpm:"libtirpc-netconfig~1.0.2~150000.3.18.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3", rpm:"libtirpc3~1.0.2~150000.3.18.1", rls:"SLES15.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo", rpm:"libtirpc3-debuginfo~1.0.2~150000.3.18.1", rls:"SLES15.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"libtirpc-debugsource", rpm:"libtirpc-debugsource~1.0.2~150000.3.18.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc-devel", rpm:"libtirpc-devel~1.0.2~150000.3.18.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc-netconfig", rpm:"libtirpc-netconfig~1.0.2~150000.3.18.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3", rpm:"libtirpc3~1.0.2~150000.3.18.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3-32bit", rpm:"libtirpc3-32bit~1.0.2~150000.3.18.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3-32bit-debuginfo", rpm:"libtirpc3-32bit-debuginfo~1.0.2~150000.3.18.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo", rpm:"libtirpc3-debuginfo~1.0.2~150000.3.18.1", rls:"SLES15.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "SLES15.0SP2") {
if(!isnull(res = isrpmvuln(pkg:"libtirpc-debugsource", rpm:"libtirpc-debugsource~1.0.2~150000.3.18.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc-devel", rpm:"libtirpc-devel~1.0.2~150000.3.18.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc-netconfig", rpm:"libtirpc-netconfig~1.0.2~150000.3.18.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3", rpm:"libtirpc3~1.0.2~150000.3.18.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3-32bit", rpm:"libtirpc3-32bit~1.0.2~150000.3.18.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3-32bit-debuginfo", rpm:"libtirpc3-32bit-debuginfo~1.0.2~150000.3.18.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo", rpm:"libtirpc3-debuginfo~1.0.2~150000.3.18.1", rls:"SLES15.0SP2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
EulerOS Virtualization 2.9.0 : libtirpc (EulerOS-SA-2022-2389)
2022-09-24 00:00:00
EulerOS 2.0 SP8 : libtirpc (EulerOS-SA-2022-2470)
2022-10-09 00:00:00
EulerOS Virtualization 2.10.0 : libtirpc (EulerOS-SA-2022-2910)
2022-12-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-07-20 11:06:47
oraclelinux
oraclelinux
libtirpc security update
2022-11-22 00:00:00
debiancve
debiancve
CVE-2021-46828
2022-07-20 06:15:00
ubuntu
ubuntu
libtirpc vulnerability
2022-07-28 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libtirpc (EulerOS-SA-2022-2910)
2022-12-30 00:00:00
Mageia: Security Advisory (MGASA-2022-0288)
2022-08-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3791-1)
2022-10-28 00:00:00
prion
prion
Code injection
2022-07-20 06:15:00
cve
cve
CVE-2021-46828
2022-07-20 06:15:00
cbl_mariner
cbl_mariner
CVE-2021-46828 affecting package libtirpc 1.3.3-1
2024-05-05 09:06:36
CVE-2021-46828 affecting package libtirpc 1.1.4-4
2022-09-17 05:56:35
suse
suse
Security update for libtirpc (important)
2022-09-19 00:00:00
alpinelinux
alpinelinux
CVE-2021-46828
2022-07-20 06:15:00
osv
osv
CVE-2021-46828
2022-07-20 06:15:07
libtirpc - security update
2022-08-11 00:00:00
libtirpc - security update
2022-08-07 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2339
2024-02-06 08:17:10
redhatcve
redhatcve
CVE-2021-46828
2022-07-21 07:45:33
redhat
redhat
(RHSA-2022:8400) Moderate: libtirpc security update
2022-11-15 06:23:29
almalinux
almalinux
Moderate: libtirpc security update
2022-11-15 00:00:00
ubuntucve
ubuntucve
CVE-2021-46828
2022-07-20 00:00:00
rocky
rocky
libtirpc security update
2022-11-15 06:23:29
libtirpc bug fix and enhancement update
2022-05-10 08:15:03
redos
redos
ROS-20240403-03
2024-04-03 00:00:00
gentoo
gentoo
Libtirpc: Denial of Service
2022-10-31 00:00:00
mageia
mageia
Updated libitrpc packages fix security vulnerability
2022-08-20 13:04:13
debian
debian
[SECURITY] [DSA 5200-1] libtirpc security update
2022-08-07 08:56:53
[SECURITY] [DLA 3071-1] libtirpc security update
2022-08-11 10:59:36
photon
photon
Important Photon OS Security Update - PHSA-2022-0504
2022-08-06 00:00:00
Important Photon OS Security Update - PHSA-2022-0224
2022-08-06 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0431
2022-08-09 00:00:00
ics
ics
Siemens SCALANCE XCM332
2023-04-13 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
ibm
ibm
avleonov
avleonov
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.7 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
76.4%
Related for OPENVAS:13614125623114202229911