{"cve": [{"lastseen": "2020-12-09T21:41:45", "description": "BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-09T15:15:00", "title": "CVE-2019-16159", "type": "cve", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16159"], "modified": "2019-09-20T03:15:00", "cpe": ["cpe:/a:nic:bird:1.6.7", "cpe:/a:nic:bird:2.0.5"], "id": "CVE-2019-16159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16159", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:nic:bird:1.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:nic:bird:2.0.5:*:*:*:*:*:*:*"]}], "openvas": 
[{"lastseen": "2020-01-31T16:30:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310852876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852876", "type": "openvas", "title": "openSUSE: Security Advisory for bird (openSUSE-SU-2019:2178-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852876\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-16159\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 09:40:29 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"openSUSE: Security Advisory for bird (openSUSE-SU-2019:2178-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:2178-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bird'\n package(s) announced via the openSUSE-SU-2019:2178-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for bird fixes the following issues:\n\n - CVE-2019-16159: Fixed a stack-based buffer overflow via administrative\n shutdown communication messages. 
(bnc#1150108)\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-2178=1\");\n\n script_tag(name:\"affected\", value:\"'bird' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bird\", rpm:\"bird~1.6.8~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bird-common\", rpm:\"bird-common~1.6.8~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bird-debuginfo\", rpm:\"bird-debuginfo~1.6.8~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bird-debugsource\", rpm:\"bird-debugsource~1.6.8~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bird-doc\", rpm:\"bird-doc~1.6.8~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bird6\", rpm:\"bird6~1.6.8~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ird6-debuginfo\", rpm:\"ird6-debuginfo~1.6.8~lp151.2.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, 
{"lastseen": "2019-09-24T14:35:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "description": "The remote host is missing an update for the ", "modified": "2019-09-23T00:00:00", "published": "2019-09-20T00:00:00", "id": "OPENVAS:1361412562310876822", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876822", "type": "openvas", "title": "Fedora Update for bird FEDORA-2019-ace80f492e", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876822\");\n script_version(\"2019-09-23T11:41:07+0000\");\n script_cve_id(\"CVE-2019-16159\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-23 11:41:07 +0000 (Mon, 23 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-20 05:35:02 +0000 (Fri, 20 Sep 2019)\");\n script_name(\"Fedora Update for bird FEDORA-2019-ace80f492e\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-ace80f492e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F23NNAPXX65MGJQBPPTVGRV3T4XCKBV\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bird'\n package(s) announced via the FEDORA-2019-ace80f492e advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border\nGateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open\nShortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),\nBidirectional Forwarding Detection (BFD), IPv6 router advertisements, static\nroutes, inter-table 
protocol, command-line interface allowing on-line control\nand inspection of the status of the daemon, soft reconfiguration as well as a\npowerful language for route filtering.\");\n\n script_tag(name:\"affected\", value:\"'bird' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bird\", rpm:\"bird~2.0.6~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-09-23T14:41:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "description": "The remote host is missing an update for the ", "modified": "2019-09-21T00:00:00", "published": "2019-09-21T00:00:00", "id": "OPENVAS:1361412562310704528", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704528", "type": "openvas", "title": "Debian Security Advisory DSA 4528-1 (bird - security update)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704528\");\n script_version(\"2019-09-21T02:00:06+0000\");\n script_cve_id(\"CVE-2019-16159\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-21 02:00:06 +0000 (Sat, 21 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-21 02:00:06 +0000 (Sat, 21 Sep 2019)\");\n script_name(\"Debian Security Advisory DSA 4528-1 (bird - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4528.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4528-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bird'\n package(s) announced via the DSA-4528-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Daniel McCarney discovered that the BIRD internet routing daemon\nincorrectly validated RFC 8203 messages in its BGP daemon, resulting\nin a stack buffer overflow.\");\n\n script_tag(name:\"affected\", value:\"'bird' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", 
value:\"For the stable distribution (buster), this problem has been fixed in\nversion 1.6.6-1+deb10u1. In addition this update fixes an incomplete\nrevocation of privileges and a crash triggerable via the CLI (the latter\ntwo bugs are also fixed in the oldstable distribution (stretch) which is\nnot affected by\nCVE-2019-16159).\n\nWe recommend that you upgrade your bird packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bird\", ver:\"1.6.6-1+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bird-bgp\", ver:\"1.6.6-1+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bird-doc\", ver:\"1.6.6-1+deb10u1\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-14T14:48:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "description": "The remote host is missing an update for the ", "modified": "2020-01-13T00:00:00", "published": "2020-01-09T00:00:00", "id": "OPENVAS:1361412562310877130", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877130", "type": "openvas", "title": "Fedora Update for bird FEDORA-2019-ff0f9ce167", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your 
option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877130\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-16159\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-09 07:26:58 +0000 (Thu, 09 Jan 2020)\");\n script_name(\"Fedora Update for bird FEDORA-2019-ff0f9ce167\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2019-ff0f9ce167\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANT2BBMQ67K2OAHZPVSNCWDHJ7IK7GLY\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bird'\n package(s) announced via the FEDORA-2019-ff0f9ce167 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border\nGateway Protocol (BGPv4), Routing 
Information Protocol (RIPv2, RIPng), Open\nShortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),\nBidirectional Forwarding Detection (BFD), IPv6 router advertisements, static\nroutes, inter-table protocol, command-line interface allowing on-line control\nand inspection of the status of the daemon, soft reconfiguration as well as a\npowerful language for route filtering.\");\n\n script_tag(name:\"affected\", value:\"'bird' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bird\", rpm:\"bird~2.0.6~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-09-24T14:34:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "description": "The remote host is missing an update for the ", "modified": "2019-09-23T00:00:00", "published": "2019-09-20T00:00:00", "id": "OPENVAS:1361412562310876819", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876819", "type": "openvas", "title": "Fedora Update for bird FEDORA-2019-b629e3b97f", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free 
Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876819\");\n script_version(\"2019-09-23T11:41:07+0000\");\n script_cve_id(\"CVE-2019-16159\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-09-23 11:41:07 +0000 (Mon, 23 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-20 05:34:55 +0000 (Fri, 20 Sep 2019)\");\n script_name(\"Fedora Update for bird FEDORA-2019-b629e3b97f\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-b629e3b97f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVNQJBZYGGNAJNGOFEBE3IAJME2QIZB\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bird'\n package(s) announced via the FEDORA-2019-b629e3b97f advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BIRD is a dynamic IP routing daemon supporting 
both, IPv4 and IPv6, Border\nGateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open\nShortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel),\nBidirectional Forwarding Detection (BFD), IPv6 router advertisements, static\nroutes, inter-table protocol, command-line interface allowing on-line control\nand inspection of the status of the daemon, soft reconfiguration as well as a\npowerful language for route filtering.\n\nThis package contains IPv4 version.\");\n\n script_tag(name:\"affected\", value:\"'bird' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bird\", rpm:\"bird~1.6.8~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16159"], "description": "BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel), Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static routes, inter-table protocol, command-line interface allowing on-line control and inspection of the status of the daemon, soft reconfiguration as well as a powerful language for route filtering. 
", "modified": "2019-09-16T00:03:27", "published": "2019-09-16T00:03:27", "id": "FEDORA:EBCFA605F083", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: bird-2.0.6-1.fc31", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16159"], "description": "BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel), Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static routes, inter-table protocol, command-line interface allowing on-line control and inspection of the status of the daemon, soft reconfiguration as well as a powerful language for route filtering. ", "modified": "2019-09-20T01:22:26", "published": "2019-09-20T01:22:26", "id": "FEDORA:E35F5607E212", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: bird-2.0.6-1.fc30", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16159"], "description": "BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border Gateway Protocol (BGPv4), Routing Information Protocol (RIPv2, RIPng), Open Shortest Path First protocol (OSPFv2, OSPFv3), Babel Routing Protocol (Babel), Bidirectional Forwarding Detection (BFD), IPv6 router advertisements, static routes, inter-table protocol, command-line interface allowing on-line control and inspection of the status of the daemon, soft reconfiguration as well as a powerful language for route filtering. This package contains IPv4 version. 
", "modified": "2019-09-20T01:34:08", "published": "2019-09-20T01:34:08", "id": "FEDORA:099EC608784C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: bird-1.6.8-1.fc29", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T01:51:48", "description": "Daniel McCarney discovered that the BIRD internet routing daemon\nincorrectly validated RFC 8203 messages in its BGP daemon, resulting\nin a stack-based buffer overflow.", "edition": 19, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-20T00:00:00", "title": "Debian DSA-4528-1 : bird - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "p-cpe:/a:debian:debian_linux:bird"], "id": "DEBIAN_DSA-4528.NASL", "href": "https://www.tenable.com/plugins/nessus/129074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4528. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129074);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-16159\");\n script_xref(name:\"DSA\", value:\"4528\");\n\n script_name(english:\"Debian DSA-4528-1 : bird - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Daniel McCarney discovered that the BIRD internet routing daemon\nincorrectly validated RFC 8203 messages in its BGP daemon, resulting\nin a stack-based buffer overflow.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-16159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/bird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/bird\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4528\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bird packages.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.6.6-1+deb10u1. 
In addition this update fixes an incomplete\nrevocation of privileges and a crash triggerable via the CLI (the\nlatter two bugs are also fixed in the oldstable distribution (stretch)\nwhich is not affected by CVE-2019-16159 ).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"bird\", reference:\"1.6.6-1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"bird-bgp\", reference:\"1.6.6-1+deb10u1\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"bird-doc\", reference:\"1.6.6-1+deb10u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T02:27:12", "description": "BIRD 2.0.6 (2019-09-10) =======================\n\n - RAdv: Solicited unicast RAs\n\n - BGP: Optional Adj-RIB-Out\n\n - BGP: Extended optional parameters length\n\n - Filter: Sets and set expressions in path masks\n\n - Several important bugfixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-20T00:00:00", "title": "Fedora 30 : bird (2019-ace80f492e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", 
"p-cpe:/a:fedoraproject:fedora:bird"], "id": "FEDORA_2019-ACE80F492E.NASL", "href": "https://www.tenable.com/plugins/nessus/129082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-ace80f492e.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129082);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-16159\");\n script_xref(name:\"FEDORA\", value:\"2019-ace80f492e\");\n\n script_name(english:\"Fedora 30 : bird (2019-ace80f492e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"BIRD 2.0.6 (2019-09-10) =======================\n\n - RAdv: Solicited unicast RAs\n\n - BGP: Optional Adj-RIB-Out\n\n - BGP: Extended optional parameters length\n\n - Filter: Sets and set expressions in path masks\n\n - Several important bugfixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ace80f492e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"bird-2.0.6-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bird\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T02:27:20", "description": "BIRD 1.6.8 (2019-09-10) =======================\n\n - Several important bugfixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-20T00:00:00", "title": "Fedora 29 : bird (2019-b629e3b97f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:bird"], "id": "FEDORA_2019-B629E3B97F.NASL", "href": "https://www.tenable.com/plugins/nessus/129083", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-b629e3b97f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129083);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 
2019/12/27\");\n\n script_cve_id(\"CVE-2019-16159\");\n script_xref(name:\"FEDORA\", value:\"2019-b629e3b97f\");\n\n script_name(english:\"Fedora 29 : bird (2019-b629e3b97f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"BIRD 1.6.8 (2019-09-10) =======================\n\n - Several important bugfixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-b629e3b97f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"bird-1.6.8-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bird\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T02:28:24", "description": "BIRD 2.0.6 (2019-09-10) =======================\n\n - RAdv: Solicited unicast RAs\n\n - BGP: Optional Adj-RIB-Out\n\n - BGP: Extended optional parameters length\n\n - Filter: Sets and set expressions in path masks\n\n - Several important bugfixes\n\nNote that Tenable 
Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-10-07T00:00:00", "title": "Fedora 31 : bird (2019-ff0f9ce167)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bird", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2019-FF0F9CE167.NASL", "href": "https://www.tenable.com/plugins/nessus/129660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-ff0f9ce167.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129660);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2019-16159\");\n script_xref(name:\"FEDORA\", value:\"2019-ff0f9ce167\");\n\n script_name(english:\"Fedora 31 : bird (2019-ff0f9ce167)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"BIRD 2.0.6 (2019-09-10) =======================\n\n - RAdv: Solicited unicast RAs\n\n - BGP: Optional Adj-RIB-Out\n\n - BGP: Extended optional parameters length\n\n - Filter: Sets and set expressions in path masks\n\n - Several important bugfixes\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ff0f9ce167\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bird\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"bird-2.0.6-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bird\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T04:21:27", "description": "This update for bird fixes the following issues :\n\n - CVE-2019-16159: Fixed a stack-based buffer overflow via\n administrative shutdown communication messages.\n (bnc#1150108)", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-09-25T00:00:00", "title": "openSUSE Security Update : bird (openSUSE-2019-2178)", "type": "nessus", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2019-16159"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bird6-debuginfo", "p-cpe:/a:novell:opensuse:bird-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:bird-debugsource", "p-cpe:/a:novell:opensuse:bird", "p-cpe:/a:novell:opensuse:bird-common", "p-cpe:/a:novell:opensuse:bird6"], "id": "OPENSUSE-2019-2178.NASL", "href": "https://www.tenable.com/plugins/nessus/129344", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2178.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129344);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-16159\");\n\n script_name(english:\"openSUSE Security Update : bird (openSUSE-2019-2178)\");\n script_summary(english:\"Check for the openSUSE-2019-2178 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bird fixes the following issues :\n\n - CVE-2019-16159: Fixed a stack-based buffer overflow via\n administrative shutdown communication messages.\n (bnc#1150108)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150108\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bird packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bird\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bird-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bird-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bird-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bird6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bird6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bird-1.6.8-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bird-common-1.6.8-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bird-debuginfo-1.6.8-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bird-debugsource-1.6.8-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bird6-1.6.8-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bird6-debuginfo-1.6.8-lp151.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bird / bird-common / bird-debuginfo / bird-debugsource / bird6 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2019-09-24T16:27:11", "bulletinFamily": "unix", "cvelist": 
["CVE-2019-16159"], "description": "This update for bird fixes the following issues:\n\n - CVE-2019-16159: Fixed a stack-based buffer overflow via administrative\n shutdown communication messages. (bnc#1150108)\n\n", "edition": 1, "modified": "2019-09-24T15:25:02", "published": "2019-09-24T15:25:02", "id": "OPENSUSE-SU-2019:2178-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00063.html", "title": "Security update for bird (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:01:27", "bulletinFamily": "unix", "cvelist": ["CVE-2019-16159"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4528-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 19, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bird\nCVE ID : CVE-2019-16159\n\nDaniel McCarney discovered that the BIRD internet routing daemon\nincorrectly validated RFC 8203 messages in its BGP daemon, resulting\nin a stack buffer overflow.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.6.6-1+deb10u1. 
In addition this update fixes an incomplete\nrevocation of privileges and a crash triggerable via the CLI (the latter\ntwo bugs are also fixed in the oldstable distribution (stretch) which is\nnot affected by CVE-2019-16159).\n\nWe recommend that you upgrade your bird packages.\n\nFor the detailed security status of bird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/bird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2019-09-19T20:53:42", "published": "2019-09-19T20:53:42", "id": "DEBIAN:DSA-4528-1:1870A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2019/msg00176.html", "title": "[SECURITY] [DSA 4528-1] bird security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}