{"id": "USN-4058-2", "bulletinFamily": "unix", "title": "Bash vulnerability", "description": "USN-4058-1 fixed a vulnerability in bash. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that Bash incorrectly handled the restricted shell. An \nattacker could possibly use this issue to escape restrictions and execute \nany command.", "published": "2019-08-05T00:00:00", "modified": "2019-08-05T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://ubuntu.com/security/notices/USN-4058-2", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9924"], "cvelist": ["CVE-2019-9924"], "type": "ubuntu", "lastseen": "2020-07-02T11:44:14", "edition": 2, "viewCount": 59, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-9924"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-1113"]}, {"type": "ubuntu", "idList": ["USN-4058-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852410", "OPENVAS:1361412562310844091", "OPENVAS:1361412562311220191609", "OPENVAS:1361412562311220191621", "OPENVAS:1361412562310891726", "OPENVAS:1361412562311220191563", "OPENVAS:1361412562311220191564", "OPENVAS:1361412562311220191565"]}, {"type": "redhat", "idList": ["RHSA-2020:3592", "RHSA-2020:1113", "RHSA-2020:3474", "RHSA-2020:3803"]}, {"type": "amazon", "idList": ["ALAS-2020-1379", "ALAS2-2020-1503"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1178-1"]}, {"type": "centos", "idList": ["CESA-2020:1113"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E6036A4BBC849BD324B2879082C9CA11"]}, {"type": "nessus", "idList": ["SUSE_SU-2019-0838-1.NASL", "EULEROS_SA-2019-1563.NASL", "OPENSUSE-2019-1178.NASL", "EULEROS_SA-2019-1621.NASL", "REDHAT-RHSA-2020-3803.NASL", "EULEROS_SA-2019-1564.NASL", "REDHAT-RHSA-2020-3474.NASL", "SUSE_SU-2019-0838-2.NASL", "UBUNTU_USN-4058-1.NASL", "ALA_ALAS-2020-1379.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1726-1:6FE02"]}, {"type": "kitploit", "idList": ["KITPLOIT:7323577050718865961"]}], "modified": "2020-07-02T11:44:14", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2020-07-02T11:44:14", "rev": 2}, "vulnersScore": 5.6}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bash", "packageVersion": "4.3-7ubuntu1.8+esm1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "bash", "packageVersion": "4.2-2ubuntu2.8"}], "scheme": null}

{"cve": [{"lastseen": "2020-12-09T21:41:58", "description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-03-22T08:29:00", "title": "CVE-2019-9924", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9924"], "modified": "2019-04-11T22:29:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:bash:4.4"], "id": "CVE-2019-9924", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9924", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:bash:4.4:beta1:*:*:*:*:*:*"]}], "amazon": [{"lastseen": "2020-11-10T12:35:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "**Issue Overview:**\n\nrbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. ([CVE-2019-9924 __](<https://access.redhat.com/security/cve/CVE-2019-9924>))\n\n \n**Affected Packages:** \n\n\nbash\n\n \n**Issue Correction:** \nRun _yum update bash_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n bash-4.2.46-34.amzn2.aarch64 \n bash-doc-4.2.46-34.amzn2.aarch64 \n bash-debuginfo-4.2.46-34.amzn2.aarch64 \n \n i686: \n bash-4.2.46-34.amzn2.i686 \n bash-doc-4.2.46-34.amzn2.i686 \n bash-debuginfo-4.2.46-34.amzn2.i686 \n \n src: \n bash-4.2.46-34.amzn2.src \n \n x86_64: \n bash-4.2.46-34.amzn2.x86_64 \n bash-doc-4.2.46-34.amzn2.x86_64 \n bash-debuginfo-4.2.46-34.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2020-10-22T17:21:00", "published": "2020-10-22T17:21:00", "id": "ALAS2-2020-1503", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1503.html", "title": "Medium: bash", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:35:25", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "**Issue Overview:**\n\nrbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. ([CVE-2019-9924 __](<https://access.redhat.com/security/cve/CVE-2019-9924>))\n\n \n**Affected Packages:** \n\n\nbash\n\n \n**Issue Correction:** \nRun _yum update bash_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n bash-debuginfo-4.2.46-34.43.amzn1.i686 \n bash-doc-4.2.46-34.43.amzn1.i686 \n bash-4.2.46-34.43.amzn1.i686 \n \n src: \n bash-4.2.46-34.43.amzn1.src \n \n x86_64: \n bash-4.2.46-34.43.amzn1.x86_64 \n bash-debuginfo-4.2.46-34.43.amzn1.x86_64 \n bash-doc-4.2.46-34.43.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2020-06-23T05:55:00", "published": "2020-06-23T05:55:00", "id": "ALAS-2020-1379", "href": "https://alas.aws.amazon.com/ALAS-2020-1379.html", "title": "Medium: bash", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-31T16:46:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2019-04-09T00:00:00", "id": "OPENVAS:1361412562310852410", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852410", "type": "openvas", "title": "openSUSE: Security Advisory for bash (openSUSE-SU-2019:1178-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852410\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2019-9924\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-04-09 02:01:01 +0000 (Tue, 09 Apr 2019)\");\n script_name(\"openSUSE: Security Advisory for bash (openSUSE-SU-2019:1178-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1178-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the openSUSE-SU-2019:1178-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for bash fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user\n BASH_CMDS allowing the user to execute any command with the permissions\n of the shell (bsc#1130324).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1178=1\");\n\n script_tag(name:\"affected\", value:\"'bash' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo\", rpm:\"bash-debuginfo~4.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debugsource\", rpm:\"bash-debugsource~4.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-devel\", rpm:\"bash-devel~4.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-loadables\", rpm:\"bash-loadables~4.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-loadables-debuginfo\", rpm:\"bash-loadables-debuginfo~4.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6\", rpm:\"libreadline6~6.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo\", rpm:\"libreadline6-debuginfo~6.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel\", rpm:\"readline-devel~6.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-debuginfo-32bit\", rpm:\"bash-debuginfo-32bit~4.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-32bit\", rpm:\"libreadline6-32bit~6.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libreadline6-debuginfo-32bit\", rpm:\"libreadline6-debuginfo-32bit~6.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"readline-devel-32bit\", rpm:\"readline-devel-32bit~6.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-doc\", rpm:\"bash-doc~4.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bash-lang\", rpm:\"bash-lang~4.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"eadline-doc\", rpm:\"eadline-doc~6.3~83.15.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191621", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191621", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1621)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1621\");\n script_version(\"2020-01-23T12:17:38+0000\");\n script_cve_id(\"CVE-2019-9924\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:17:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:17:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1621)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1621\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1621\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bash' package(s) announced via the EulerOS-SA-2019-1621 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924)\");\n\n script_tag(name:\"affected\", value:\"'bash' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.46~30.h5\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:39:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191563", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191563", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1563)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1563\");\n script_version(\"2020-01-23T12:15:08+0000\");\n script_cve_id(\"CVE-2019-9924\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:15:08 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:15:08 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1563)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1563\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1563\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bash' package(s) announced via the EulerOS-SA-2019-1563 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924)\");\n\n script_tag(name:\"affected\", value:\"'bash' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.46~28.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191564", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191564", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1564)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1564\");\n script_version(\"2020-01-23T12:15:09+0000\");\n script_cve_id(\"CVE-2019-9924\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:15:09 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:15:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1564)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1564\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1564\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bash' package(s) announced via the EulerOS-SA-2019-1564 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924)\");\n\n script_tag(name:\"affected\", value:\"'bash' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.46~28.h3\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-19T21:46:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "description": "The remote host is missing an update for the ", "modified": "2019-07-17T00:00:00", "published": "2019-07-16T00:00:00", "id": "OPENVAS:1361412562310844091", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844091", "type": "openvas", "title": "Ubuntu Update for bash USN-4058-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844091\");\n script_version(\"2019-07-17T08:19:47+0000\");\n script_cve_id(\"CVE-2019-9924\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:19:47 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-16 02:00:41 +0000 (Tue, 16 Jul 2019)\");\n script_name(\"Ubuntu Update for bash USN-4058-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4058-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-July/005011.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the USN-4058-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Bash incorrectly handled the restricted shell. An\nattacker could possibly use this issue to escape restrictions and execute\nany command.\");\n\n script_tag(name:\"affected\", value:\"'bash' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"bash\", ver:\"4.3-14ubuntu1.4\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191565", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191565", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1565)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1565\");\n script_version(\"2020-01-23T12:15:10+0000\");\n script_cve_id(\"CVE-2019-9924\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:15:10 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:15:10 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1565)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1565\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1565\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bash' package(s) announced via the EulerOS-SA-2019-1565 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924)\");\n\n script_tag(name:\"affected\", value:\"'bash' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.46~30.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:38:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191609", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191609", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1609)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1609\");\n script_version(\"2020-01-23T12:16:54+0000\");\n script_cve_id(\"CVE-2019-9924\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:16:54 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:16:54 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bash (EulerOS-SA-2019-1609)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1609\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1609\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bash' package(s) announced via the EulerOS-SA-2019-1609 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.(CVE-2019-9924)\");\n\n script_tag(name:\"affected\", value:\"'bash' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bash\", rpm:\"bash~4.2.46~30.h5\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T19:29:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924", "CVE-2016-9401"], "description": "The remote host is missing an update for the ", "modified": "2020-01-29T00:00:00", "published": "2019-03-25T00:00:00", "id": "OPENVAS:1361412562310891726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891726", "type": "openvas", "title": "Debian LTS: Security Advisory for bash (DLA-1726-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891726\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-9401\", \"CVE-2019-9924\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-03-25 23:00:00 +0100 (Mon, 25 Mar 2019)\");\n script_name(\"Debian LTS: Security Advisory for bash (DLA-1726-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1726-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bash'\n package(s) announced via the DLA-1726-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two issues have been fixed in bash, the GNU Bourne-Again Shell:\n\nCVE-2016-9401\n\nThe popd builtin segfaulted when called with negative out of range\noffsets.\n\nCVE-2019-9924\n\nSylvain Beucler discovered that it was possible to call commands\nthat contained a slash when in restricted mode (rbash) by adding\nthem to the BASH_CMDS array.\");\n\n script_tag(name:\"affected\", value:\"'bash' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.3-11+deb8u2.\n\nWe recommend that you upgrade your bash packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bash\", ver:\"4.3-11+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bash-builtins\", ver:\"4.3-11+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bash-doc\", ver:\"4.3-11+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bash-static\", ver:\"4.3-11+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:44:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "It was discovered that Bash incorrectly handled the restricted shell. An \nattacker could possibly use this issue to escape restrictions and execute \nany command.", "edition": 2, "modified": "2019-07-15T00:00:00", "published": "2019-07-15T00:00:00", "id": "USN-4058-1", "href": "https://ubuntu.com/security/notices/USN-4058-1", "title": "Bash vulnerability", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2020-04-09T02:42:11", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "[4.2.46-34]\n- BASH_CMD should not be writable in restricted shell\n Resolves: #1693181", "edition": 1, "modified": "2020-04-06T00:00:00", "published": "2020-04-06T00:00:00", "id": "ELSA-2020-1113", "href": "http://linux.oracle.com/errata/ELSA-2020-1113.html", "title": "bash security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2020-08-27T22:07:12", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es):\n\n* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-18T13:41:06", "published": "2020-08-18T13:17:37", "id": "RHSA-2020:3474", "href": "https://access.redhat.com/errata/RHSA-2020:3474", "type": "redhat", "title": "(RHSA-2020:3474) Moderate: bash security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-22T17:58:58", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es):\n\n* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-09-01T19:51:42", "published": "2020-09-01T19:22:07", "id": "RHSA-2020:3592", "href": "https://access.redhat.com/errata/RHSA-2020:3592", "type": "redhat", "title": "(RHSA-2020:3592) Moderate: bash security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-09-22T17:57:16", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es):\n\n* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-09-22T15:21:07", "published": "2020-09-22T14:59:46", "id": "RHSA-2020:3803", "href": "https://access.redhat.com/errata/RHSA-2020:3803", "type": "redhat", "title": "(RHSA-2020:3803) Moderate: bash security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-02T17:40:02", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es):\n\n* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.", "modified": "2020-03-31T14:09:11", "published": "2020-03-31T13:20:26", "id": "RHSA-2020:1113", "href": "https://access.redhat.com/errata/RHSA-2020:1113", "type": "redhat", "title": "(RHSA-2020:1113) Moderate: bash security update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2019-04-09T01:13:45", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "This update for bash fixes the following issues:\n\n Security issue fixed:\n\n - CVE-2019-9924: Fixed a vulnerability in which shell did not prevent user\n BASH_CMDS allowing the user to execute any command with the permissions\n of the shell (bsc#1130324).\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "edition": 1, "modified": "2019-04-09T00:09:20", "published": "2019-04-09T00:09:20", "id": "OPENSUSE-SU-2019:1178-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00049.html", "title": "Security update for bash (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cloudfoundry": [{"lastseen": "2019-08-30T04:36:05", "bulletinFamily": "software", "cvelist": ["CVE-2019-9924"], "description": "# \n\n## Severity\n\nLow\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nIt was discovered that Bash incorrectly handled the restricted shell. An attacker could possibly use this issue to escape restrictions and execute any command.\n\nCVEs contained in this USN include: CVE-2019-9924\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.72\n * 250.x versions prior to 250.84\n * 170.x versions prior to 170.111\n * 97.x versions prior to 97.135\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.72\n * Upgrade 250.x versions to 250.84\n * Upgrade 170.x versions to 170.111\n * Upgrade 97.x versions to 97.135\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n## References\n\n * [USN-4058-1](<https://usn.ubuntu.com/4058-1>)\n * [CVE-2019-9924](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9924>)\n", "edition": 1, "modified": "2019-08-29T00:00:00", "published": "2019-08-29T00:00:00", "id": "CFOUNDRY:E6036A4BBC849BD324B2879082C9CA11", "href": "https://www.cloudfoundry.org/blog/usn-4058-1/", "title": "USN-4058-1: Bash vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-04-08T22:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924"], "description": "**CentOS Errata and Security Advisory** CESA-2020:1113\n\n\nThe bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.\n\nSecurity Fix(es):\n\n* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-April/012412.html\n\n**Affected packages:**\nbash\nbash-doc\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-04-08T17:44:32", "published": "2020-04-08T17:44:32", "id": "CESA-2020:1113", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-April/012412.html", "title": "bash security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-09-14T13:23:32", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1113 advisory.\n\n - bash: BASH_CMD is writable in restricted bash shells\n (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-10T00:00:00", "title": "CentOS 7 : bash (CESA-2020:1113)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2020-04-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bash-doc", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:bash"], "id": "CENTOS_RHSA-2020-1113.NASL", "href": "https://www.tenable.com/plugins/nessus/135339", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2020:1113 and \n# CentOS Errata and Security Advisory 2020:1113 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135339);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2019-9924\");\n script_xref(name:\"RHSA\", value:\"2020:1113\");\n\n script_name(english:\"CentOS 7 : bash (CESA-2020:1113)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1113 advisory.\n\n - bash: BASH_CMD is writable in restricted bash shells\n (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-April/012412.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?da81d42f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bash packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9924\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bash-4.2.46-34.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bash-doc-4.2.46-34.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-doc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-19T05:34:10", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3803 advisory.\n\n - bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 4, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-23T00:00:00", "title": "RHEL 7 : bash (RHSA-2020:3803)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2020-09-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4::server", "p-cpe:/a:redhat:enterprise_linux:bash", "cpe:/o:redhat:rhel_e4s:7.4::server", "cpe:/o:redhat:rhel_aus:7.4::server", "cpe:/o:redhat:rhel_tus:7.4", "cpe:/o:redhat:rhel_aus:7.4", "p-cpe:/a:redhat:enterprise_linux:bash-doc"], "id": "REDHAT-RHSA-2020-3803.NASL", "href": "https://www.tenable.com/plugins/nessus/140746", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3803. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140746);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/18\");\n\n script_cve_id(\"CVE-2019-9924\");\n script_bugtraq_id(109277);\n script_xref(name:\"RHSA\", value:\"2020:3803\");\n\n script_name(english:\"RHEL 7 : bash (RHSA-2020:3803)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3803 advisory.\n\n - bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/138.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1691774\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash and / or bash-doc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9924\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(138);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4::server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-doc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_aus_7_4_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms'\n ],\n 'rhel_e4s_7_4_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms'\n ],\n 'rhel_tus_7_4_server': [\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:3803');\n}\n\npkgs = [\n {'reference':'bash-4.2.46-30.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_4', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_4_server', 'rhel_e4s_7_4_server', 'rhel_tus_7_4_server']},\n {'reference':'bash-doc-4.2.46-30.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_4', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_4_server', 'rhel_e4s_7_4_server', 'rhel_tus_7_4_server']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bash / bash-doc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:17:44", "description": "This update for bash fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-9924: Fixed a vulnerability in which shell did not prevent\nuser BASH_CMDS allowing the user to execute any command with the\npermissions of the shell (bsc#1130324).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-07-08T00:00:00", "title": "SUSE SLES12 Security Update : bash (SUSE-SU-2019:0838-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2019-07-08T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:bash", "p-cpe:/a:novell:suse_linux:bash-debugsource", "p-cpe:/a:novell:suse_linux:libreadline6-debuginfo", "p-cpe:/a:novell:suse_linux:libreadline6", "p-cpe:/a:novell:suse_linux:bash-debuginfo"], "id": "SUSE_SU-2019-0838-2.NASL", "href": "https://www.tenable.com/plugins/nessus/126524", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0838-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126524);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-9924\");\n\n script_name(english:\"SUSE SLES12 Security Update : bash (SUSE-SU-2019:0838-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bash fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-9924: Fixed a vulnerability in which shell did not prevent\nuser BASH_CMDS allowing the user to execute any command with the\npermissions of the shell (bsc#1130324).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9924/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190838-2/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1348d432\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-838=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP5:zypper in -t patch\nSUSE-SLE-WE-12-SP5-2019-838=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-838=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-838=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-838=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-838=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bash-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bash-debuginfo-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bash-debugsource-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libreadline6-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libreadline6-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libreadline6-debuginfo-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libreadline6-debuginfo-6.3-83.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:07:36", "description": "An update of the bash package has been released.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "title": "Photon OS 1.0: Bash PHSA-2019-1.0-0229", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:bash", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0229_BASH.NASL", "href": "https://www.tenable.com/plugins/nessus/124869", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0229. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124869);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\"CVE-2019-9924\");\n\n script_name(english:\"Photon OS 1.0: Bash PHSA-2019-1.0-0229\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the bash package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-229.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9924\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-4.3.48-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-debuginfo-4.3.48-3.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"bash-lang-4.3.48-3.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-21T05:58:09", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1113 advisory.\n\n - bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 4, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-04-01T00:00:00", "title": "RHEL 7 : bash (RHSA-2020:1113)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2020-04-01T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bash", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client", "p-cpe:/a:redhat:enterprise_linux:bash-doc"], "id": "REDHAT-RHSA-2020-1113.NASL", "href": "https://www.tenable.com/plugins/nessus/135062", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1113. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135062);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/19\");\n\n script_cve_id(\"CVE-2019-9924\");\n script_bugtraq_id(109277);\n script_xref(name:\"RHSA\", value:\"2020:1113\");\n\n script_name(english:\"RHEL 7 : bash (RHSA-2020:1113)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1113 advisory.\n\n - bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/138.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9924\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1691774\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash and / or bash-doc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9924\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(138);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bash-doc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:1113');\n}\n\npkgs = [\n {'reference':'bash-4.2.46-34.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'bash-4.2.46-34.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'bash-doc-4.2.46-34.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'bash-doc-4.2.46-34.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bash / bash-doc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:58:08", "description": "According to the version of the bash package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - rbash in Bash before 4.4-beta2 did not prevent the\n shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the\n shell.(CVE-2019-9924)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-29T00:00:00", "title": "EulerOS 2.0 SP2 : bash (EulerOS-SA-2019-1563)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2019-05-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bash", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1563.NASL", "href": "https://www.tenable.com/plugins/nessus/125490", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125490);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-9924\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : bash (EulerOS-SA-2019-1563)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bash package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - rbash in Bash before 4.4-beta2 did not prevent the\n shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the\n shell.(CVE-2019-9924)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1563\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?690cd50f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bash-4.2.46-28.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-11T11:58:22", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has bash packages installed that are affected by a\nvulnerability:\n\n - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the shell. (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : bash Vulnerability (NS-SA-2020-0101)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0101_BASH.NASL", "href": "https://www.tenable.com/plugins/nessus/143950", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0101. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143950);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2019-9924\");\n script_bugtraq_id(109277);\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : bash Vulnerability (NS-SA-2020-0101)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has bash packages installed that are affected by a\nvulnerability:\n\n - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the shell. (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0101\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bash packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9924\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.05': [\n 'bash-4.2.46-34.el7.cgslv5_5.0.1.g97b8dcb.lite',\n 'bash-debuginfo-4.2.46-34.el7.cgslv5_5.0.1.g97b8dcb.lite',\n 'bash-doc-4.2.46-34.el7.cgslv5_5.0.1.g97b8dcb.lite',\n 'bash-lang-4.2.46-34.el7.cgslv5_5.0.1.g97b8dcb.lite'\n ],\n 'CGSL MAIN 5.05': [\n 'bash-4.2.46-34.el7.cgslv5_5',\n 'bash-debuginfo-4.2.46-34.el7.cgslv5_5',\n 'bash-doc-4.2.46-34.el7.cgslv5_5'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bash');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T08:58:16", "description": "According to the version of the bash package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - rbash in Bash before 4.4-beta2 did not prevent the\n shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the\n shell.(CVE-2019-9924)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-30T00:00:00", "title": "EulerOS Virtualization 3.0.1.0 : bash (EulerOS-SA-2019-1609)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2019-05-30T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.1.0", "p-cpe:/a:huawei:euleros:bash"], "id": "EULEROS_SA-2019-1609.NASL", "href": "https://www.tenable.com/plugins/nessus/125561", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125561);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-9924\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : bash (EulerOS-SA-2019-1609)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bash package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - rbash in Bash before 4.4-beta2 did not prevent the\n shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the\n shell.(CVE-2019-9924)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1609\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?363650db\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bash-4.2.46-30.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:17:44", "description": "This update for bash fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-9924: Fixed a vulnerability in which shell did not prevent\nuser BASH_CMDS allowing the user to execute any command with the\npermissions of the shell (bsc#1130324).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-03T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2019:0838-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2019-04-03T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:bash", "p-cpe:/a:novell:suse_linux:bash-debugsource", "p-cpe:/a:novell:suse_linux:libreadline6-debuginfo", "p-cpe:/a:novell:suse_linux:libreadline6", "p-cpe:/a:novell:suse_linux:bash-debuginfo"], "id": "SUSE_SU-2019-0838-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0838-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(123671);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2019-9924\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2019:0838-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bash fixes the following issues :\n\nSecurity issue fixed :\n\nCVE-2019-9924: Fixed a vulnerability in which shell did not prevent\nuser BASH_CMDS allowing the user to execute any command with the\npermissions of the shell (bsc#1130324).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9924/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190838-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa3dba1a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-838=1\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2019-838=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-838=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2019-838=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-838=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-838=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-838=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2019-838=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-838=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libreadline6-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bash-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bash-debuginfo-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bash-debugsource-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libreadline6-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libreadline6-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libreadline6-debuginfo-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libreadline6-debuginfo-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bash-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bash-debuginfo-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bash-debugsource-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libreadline6-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libreadline6-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libreadline6-debuginfo-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libreadline6-debuginfo-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bash-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bash-debugsource-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libreadline6-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bash-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bash-debuginfo-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bash-debugsource-4.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libreadline6-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libreadline6-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-32bit-6.3-83.23.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"libreadline6-debuginfo-6.3-83.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-28T21:08:05", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2020-1503 advisory.\n\n - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the shell. (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-28T00:00:00", "title": "Amazon Linux 2 : bash (ALAS-2020-1503)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-9924"], "modified": "2020-10-28T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bash", "cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:bash-doc", "p-cpe:/a:amazon:linux:bash-debuginfo"], "id": "AL2_ALAS-2020-1503.NASL", "href": "https://www.tenable.com/plugins/nessus/141999", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1503.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141999);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/28\");\n\n script_cve_id(\"CVE-2019-9924\");\n script_bugtraq_id(109277);\n script_xref(name:\"ALAS\", value:\"2020-1503\");\n\n script_name(english:\"Amazon Linux 2 : bash (ALAS-2020-1503)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2020-1503 advisory.\n\n - rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the\n user to execute any command with the permissions of the shell. (CVE-2019-9924)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2020-1503.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-9924\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update bash' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9924\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bash-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'bash-4.2.46-34.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'bash-4.2.46-34.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'bash-4.2.46-34.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'bash-debuginfo-4.2.46-34.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'bash-debuginfo-4.2.46-34.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'bash-debuginfo-4.2.46-34.amzn2', 'cpu':'x86_64', 'release':'AL2'},\n {'reference':'bash-doc-4.2.46-34.amzn2', 'cpu':'aarch64', 'release':'AL2'},\n {'reference':'bash-doc-4.2.46-34.amzn2', 'cpu':'i686', 'release':'AL2'},\n {'reference':'bash-doc-4.2.46-34.amzn2', 'cpu':'x86_64', 'release':'AL2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bash / bash-debuginfo / bash-doc\");\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-08-12T01:05:51", "bulletinFamily": "unix", "cvelist": ["CVE-2019-9924", "CVE-2016-9401"], "description": "Package : bash\nVersion : 4.3-11+deb8u2\nCVE ID : CVE-2016-9401 CVE-2019-9924\n\nTwo issues have been fixed in bash, the GNU Bourne-Again Shell:\n\nCVE-2016-9401\n\n The popd builtin segfaulted when called with negative out of range\n offsets.\n\nCVE-2019-9924\n\n Sylvain Beucler discovered that it was possible to call commands\n that contained a slash when in restricted mode (rbash) by adding\n them to the BASH_CMDS array.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n4.3-11+deb8u2.\n\nWe recommend that you upgrade your bash packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 9, "modified": "2019-03-25T11:56:08", "published": "2019-03-25T11:56:08", "id": "DEBIAN:DLA-1726-1:6FE02", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201903/msg00028.html", "title": "[SECURITY] [DLA 1726-1] bash security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "kitploit": [{"lastseen": "2020-12-08T05:23:24", "bulletinFamily": "tools", "cvelist": ["CVE-2019-6975", "CVE-2018-20346", "CVE-2019-3863", "CVE-2018-20505", "CVE-2018-14404", "CVE-2016-5385", "CVE-2019-11358", "CVE-2019-3861", "CVE-2017-7614", "CVE-2019-3823", "CVE-2018-16840", "CVE-2019-3858", "CVE-2018-14567", "CVE-2018-17456", "CVE-2017-14930", "CVE-2016-1252", "CVE-2015-5224", "CVE-2019-3462", "CVE-2018-20482", "CVE-2018-20685", "CVE-2019-3857", "CVE-2016-0634", "CVE-2018-16890", "CVE-2019-1543", "CVE-2018-3721", "CVE-2018-9251", "CVE-2018-12699", "CVE-2018-14618", "CVE-2019-6109", "CVE-2014-9939", "CVE-2019-5428", "CVE-2016-7543", "CVE-2019-9924", "CVE-2016-9401", "CVE-2011-3374", "CVE-2019-3856", "CVE-2017-13716", "CVE-2016-2779", "CVE-2019-3862", "CVE-2018-19486", "CVE-2018-20506", "CVE-2019-3855", "CVE-2019-3859", "CVE-2019-6111", "CVE-2019-3860", "CVE-2019-3822", "CVE-2018-3741", "CVE-2018-16839", "CVE-2017-8421", "CVE-2018-16842", "CVE-2018-16487"], "description": "A Simple and Comprehensive [ Vulnerability Scanner ](<https://www.kitploit.com/search/label/Vulnerability%20Scanner> \"Vulnerability Scanner\" ) for Containers, Suitable for CI. \n \n\n\n[  ](<https://1.bp.blogspot.com/-1UySMBavE18/XbTjD34g1JI/AAAAAAAAQu4/4Te6530_9tYsuMryQd-Se0KGB4nkAY7IgCNcBGAsYHQ/s1600/trivy_7_usage.gif>)\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-TYOxC4Qbct0/XbTjCrjEsxI/AAAAAAAAQuw/YGfdv_fB-HcijuGyoJsxeM2l4q1D9lcPgCNcBGAsYHQ/s1600/trivy_9_usage2.png>)\n\n \n\n\n[  ](<https://1.bp.blogspot.com/-sAp8dBwyVio/XbTjC1BIl1I/AAAAAAAAQu0/jfNQGljukp47bc9yJ_QX6nghXis43LkJQCNcBGAsYHQ/s1600/trivy_8_usage1.png>)\n\n \n** Abstract ** \n` Trivy ` ( ` tri ` pronounced like ** tri ** gger, ` vy ` pronounced like en ** vy ** ) is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System. ` Trivy ` detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn etc.). ` Trivy ` is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify an image name of container. \nIt is considered to be used in CI. Before pushing to a container registry, you can scan your local container image easily. See [ here ](<https://github.com/aquasecurity/trivy#continuous-integration-ci> \"here\" ) for details. \n \n** Features ** \n\n\n * Detect comprehensive vulnerabilities \n * OS packages (Alpine, ** Red Hat Universal Base Image ** , [ Red Hat Enterprise ](<https://www.kitploit.com/search/label/Red%20Hat%20Enterprise> \"Red Hat Enterprise\" ) Linux, CentOS, Debian and Ubuntu) \n * ** Application dependencies ** (Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo) \n * Simple \n * Specify only an image name \n * See [ Quick Start ](<https://github.com/aquasecurity/trivy#quick-start> \"Quick Start\" ) and [ Examples ](<https://github.com/aquasecurity/trivy#examples> \"Examples\" )\n * Easy installation \n * ` apt-get install ` , ` yum install ` and ` brew install ` is possible (See [ Installation ](<https://github.com/aquasecurity/trivy#installation> \"Installation\" ) ) \n * ** No need for prerequirements ** such as installation of DB, libraries, etc. (The exception is that you need ` rpm ` installed to scan images based on RHEL/CentOS. This is automatically included if you use our installers or the Trivy container image. See [ Vulnerability Detection ](<https://github.com/aquasecurity/trivy#vulnerability-detection> \"Vulnerability Detection\" ) for background information.) \n * High accuracy \n * ** Especially Alpine Linux and RHEL/CentOS **\n * Other OSes are also high \n * DevSecOps \n * ** Suitable for CI ** such as Travis CI, CircleCI, Jenkins, etc. \n * See [ CI Example ](<https://github.com/aquasecurity/trivy#continuous-integration-ci> \"CI Example\" )\n \n** Installation ** \n \n** RHEL/CentOS ** \nAdd repository setting to ` /etc/yum.repos.d ` . \n\n \n \n $ sudo vim /etc/yum.repos.d/trivy.repo\n [trivy]\n name=Trivy repository\n baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/\n gpgcheck=0\n enabled=1\n $ sudo yum -y update\n $ sudo yum -y install trivy\n\nor \n\n \n \n $ rpm -ivh https://github.com/aquasecurity/trivy/releases/download/v0.1.6/trivy_0.1.6_Linux-64bit.rpm\n\n \n** Debian/Ubuntu ** \nAdd repository to ` /etc/apt/sources.list.d ` . \n\n \n \n $ sudo apt-get install wget apt-transport-https gnupg lsb-release\n $ wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -\n $ echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list\n $ sudo apt-get update\n $ sudo apt-get install trivy\n\nor \n\n \n \n $ sudo apt-get install rpm\n $ wget https://github.com/aquasecurity/trivy/releases/download/v0.1.6/trivy_0.1.6_Linux-64bit.deb\n $ sudo dpkg -i trivy_0.1.6_Linux-64bit.deb\n\n \n** Arch Linux ** \nPackage trivy-bin can be installed from the Arch User Repository. Examples: \n\n \n \n pikaur -Sy trivy-bin\n\nor \n\n \n \n yay -Sy trivy-bin\n\n \n** Homebrew ** \nYou can use homebrew on macOS. \n\n \n \n $ brew install aquasecurity/trivy/trivy\n\n \n** Binary (Including Windows) ** \nGet the latest version from [ this page ](<https://github.com/aquasecurity/trivy/releases/latest> \"this page\" ) , and download the archive file for your operating system/architecture. Unpack the archive, and put the binary somewhere in your ` $PATH ` (on UNIX-y systems, /usr/local/bin or the like). Make sure it has execution bits turned on. \nYou also need to install ` rpm ` command for scanning images based on RHEL/CentOS. \n \n** From source ** \n\n \n \n $ mkdir -p $GOPATH/src/github.com/aquasecurity\n $ cd $GOPATH/src/github.com/aquasecurity\n $ git clone https://github.com/aquasecurity/trivy\n $ cd trivy/cmd/trivy/\n $ export GO111MODULE=on\n $ go install\n\nYou also need to install ` rpm ` command for scanning images based on RHEL/CentOS. \n \n** Quick Start ** \nSimply specify an image name (and a tag). ** The ` latest ` tag should be avoided as problems occur with cache. ** . See [ Clear image caches ](<https://github.com/aquasecurity/trivy#clear-image-caches> \"Clear image caches\" ) . \n \n** Basic ** \n\n \n \n $ trivy [YOUR_IMAGE_NAME]\n\nFor example: \n\n \n \n $ trivy python:3.4-alpine\n\n \n \nResult \n\n \n \n 2019-05-16T01:20:43.180+0900 INFO Updating vulnerability database...\n 2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+------------------- -------------+\n\n \n** Docker ** \nReplace [YOUR_CACHE_DIR] with the cache directory on your machine. \n\n \n \n $ docker run --rm -v [YOUR_CACHE_DIR]:/root/.cache/ aquasec/trivy [YOUR_IMAGE_NAME]\n\nExample for macOS: \n\n \n \n $ docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy python:3.4-alpine\n\nIf you would like to scan the image on your host machine, you need to mount ` docker.sock ` . \n\n \n \n $ docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \\\n -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy python:3.4-alpine\n\nPlease re-pull latest ` aquasec/trivy ` if an error occurred. \n \n \nResult \n\n \n \n 2019-05-16T01:20:43.180+0900 INFO Updating vulnerability database...\n 2019-05-16T01:20:53.029+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+------------------- -------------+\n\n \n** Examples ** \n \n** Scan an image ** \nSimply specify an image name (and a tag). \n\n \n \n $ trivy knqyf263/vuln-image:1.2.3\n\n \n \nResult \n\n \n \n 2019-05-16T12:58:55.967+0900 INFO Updating vulnerability database...\n 2019-05-16T12:59:03.150+0900 INFO Detecting Alpine vulnerabilities...\n 2019-05-16T12:59:03.156+0900 INFO Updating bundler Security DB...\n 2019-05-16T12:59:04.941+0900 INFO Detecting bundler vulnerabilities...\n 2019-05-16T12:59:04.942+0900 INFO Updating cargo Security DB...\n 2019-05-16T12:59:05.967+0900 INFO Detecting cargo vulnerabilities...\n 2019-05-16T12:59:05.967+0900 INFO Updating composer Security DB...\n 2019-05-16T12:59:07.834+0900 INFO Detecting composer vulnerabilities...\n 2019-05-16T12:59:07.834+0900 INFO Updating npm Security DB...\n 2019-05-16T12:59:10.285+0900 INFO Detecting npm vulnerabilities...\n 2019-05-16T12:59:10.285+0900 INFO Updating pipenv Security DB...\n 2019-05-16T12:59:11.487+0900 INFO Detecting pipenv vulnerabilities...\n \n knqyf263/vuln-image:1.2.3 (alpine 3.7.1)\n ===== ===================================\n Total: 26 (UNKNOWN: 0, LOW: 3, MEDIUM: 16, HIGH: 5, CRITICAL: 2)\n \n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | curl | CVE-2018-14618 | CRITICAL | 7.61.0-r0 | 7.61.1-r0 | curl: NTLM password overflow |\n | | | | | | via integer overflow |\n + +------------------+----------+ +---------------+----------------------------------+\n | | CVE-2018-16839 | HIGH | | 7.61.1-r1 | curl: Integer overflow leading |\n | | | | | | to heap-based buffer overflow in |\n | | | | | | Curl_sasl_create_plain_message() |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2019-3822 | | | 7.61.1-r2 | curl: NTLMv2 type-3 header |\n | | | | | | stack buffer overflow |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16840 | | | 7.61.1-r1 | curl: Use-after-free when |\n | | | | | | closing \"easy\" handle in |\n | | | | | | Curl_close() |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-16842 | MEDIUM | | | curl: Heap-based buffer |\n | | | | | | over-read in the curl tool |\n | | | | | | warning formatting |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16890 | | | 7.61.1-r2 | curl: NTLM type-2 heap |\n | | | | | | out-of-bounds buffer read |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3823 | | | | curl: SMTP end-of-response |\n | | | | | | out-of-bounds read |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | git | CVE-2018-17456 | HIGH | 2.15.2-r0 | 2.15.3-r0 | git: arbitrary code execution |\n | | | | | | via .gitmodules |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-19486 | | | | git: Improper handling of |\n | | | | | | PATH allows for commands to be |\n | | | | | | executed from... |\n +---------+-- ----------------+----------+-------------------+---------------+----------------------------------+\n | libssh2 | CVE-2019-3855 | CRITICAL | 1.8.0-r2 | 1.8.1-r0 | libssh2: Integer overflow in |\n | | | | | | transport read resulting in |\n | | | | | | out of bounds write... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2019-3859 | MEDIUM | | | libssh2: Unchecked use of |\n | | | | | | _libssh2_packet_require and |\n | | | | | | _libssh2_packet_requirev |\n | | | | | | resulting in out-of-bounds |\n | | | | | | read |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3858 | | | | libssh2: Zero-byte allocation |\n | | | | | | with a specially crafted SFTP |\n | | | | | | packed leading to an... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3863 | | | | libssh2: Integer overflow |\n | | | | | | in user authenticate |\n | | | | | | keyboard interactive allows |\n | | | | | | out-of-bounds writes |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3862 | | | | libssh2: Out-of-bounds memory |\n | | | | | | comparison with specially |\n | | | | | | crafted message channel |\n | | | | | | request |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3860 | | | | l ibssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SFTP |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3857 | | | | libssh2: Integer overflow in |\n | | | | | | SSH packet processing channel |\n | | | | | | resulting in out of... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3861 | | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SSH |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3856 | | | | libssh2: Integer overflow in |\n | | | | | | keyboard interactive handling |\n | | | | | | resulting in out of bounds... |\n +---------+------------------+ +-------------------+---------------+----------------------------------+\n | libxml2 | CVE-2018-14567 | | 2.9.7-r0 | 2.9.8-r1 | libxml2: Infinite loop when |\n | | | | | | --with-lzma is used allows for |\n | | | | | | denial of service... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-14404 | | | | libxml2: NULL pointer |\n | | | | | | dereference in |\n | | | | | | xpath.c:xmlXPathCompOpEval() |\n | | | | | | can allow attackers to cause |\n | | | | | | a... |\n + +------------------+- ---------+ + +----------------------------------+\n | | CVE-2018-9251 | LOW | | | libxml2: infinite loop in |\n | | | | | | xz_decomp function in xzlib.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | openssh | CVE-2019-6109 | MEDIUM | 7.5_p1-r9 | 7.5_p1-r10 | openssh: Missing character |\n | | | | | | encoding in progress display |\n | | | | | | allows for spoofing of scp... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-6111 | | | | openssh: Impro per validation |\n | | | | | | of object names allows |\n | | | | | | malicious server to overwrite |\n | | | | | | files... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-20685 | LOW | | | openssh: scp client improper |\n | | | | | | directory name validation |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | sqlite | CVE-2018-20346 | MEDIUM | 3.21.0-r1 | 3.25.3-r0 | sqlite: Multiple flaws in |\n | | | | | | sqlite which can be triggered |\n | | | | | | via corrupted internal... |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | tar | CVE-2018-20482 | LOW | 1.29-r1 | 1.31-r0 | tar: Infinite read loop in |\n | | | | | | sparse_dump_region function in |\n | | | | | | sparse.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n \n ruby-app/Gemfile.lock\n =====================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +----------------------+------------------+----------+-------------------+----------- ----+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +----------------------+------------------+----------+-------------------+---------------+--------------------------------+\n | rails-html-sanitizer | CVE-2018-3741 | MEDIUM | 1.0.3 | >= 1.0.4 | rubygem-rails-html-sanitizer: |\n | | | | | | non-whitelisted attributes |\n | | | | | | are present in sanitized |\n | | | | | | output when input with |\n | | | | | | specially-crafted... |\n +----------------------+------------------+----------+- ------------------+---------------+--------------------------------+\n \n rust-app/Cargo.lock\n ===================\n Total: 3 (UNKNOWN: 3, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)\n \n +---------+-------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+-------------------+----------+-------------------+---------------+--------------------------------+\n | ammonia | RUSTSEC-2019-0001 | UNKNOWN | 1.9.0 | >= 2.1.0 | Uncontrolled recursion leads |\n | | | | | | to abort in HTML serialization |\n +---------+-------------------+ +-------------------+---------------+--------------------------------+\n | openssl | RUSTSEC-2016-0001 | | 0.8.3 | >= 0.9.0 | SSL/TLS MitM vulne rability due |\n | | | | | | to insecure defaults |\n + +-------------------+ + +---------------+--------------------------------+\n | | RUSTSEC-2018-0010 | | | >= 0.10.9 | Use after free in CMS Signing |\n +---------+-------------------+----------+-------------------+---------------+--------------------------------+\n \n php-app/composer.lock\n =====================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +-------------------+------------------+----------+-------------------+---------------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +-------------------+------------------+----------+-------------------+---------------------+--------------------------- -----+\n | guzzlehttp/guzzle | CVE-2016-5385 | MEDIUM | 6.2.0 | 6.2.1, 4.2.4, 5.3.1 | PHP: sets environmental |\n | | | | | | variable based on user |\n | | | | | | supplied Proxy request header |\n +-------------------+------------------+----------+-------------------+---------------------+--------------------------------+\n \n node-app/package-lock.json\n ==========================\n Total: 4 (UNKNOWN: 0, LOW: 0, MEDIUM: 3, HIGH: 1, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+---------------- ----------------+\n | jquery | CVE-2019-5428 | MEDIUM | 3.3.9 | >=3.4.0 | Modification of |\n | | | | | | Assumed-Immutable Data (MAID) |\n + +------------------+ + + +--------------------------------+\n | | CVE-2019-11358 | | | | js-jquery: prototype pollution |\n | | | | | | in object's prototype leading |\n | | | | | | to denial of service or... |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | lodash | CVE-2018-16487 | HIGH | 4.17.4 | >=4.17.11 | lodash: Prototype pollution in |\n | | | | | | utilities function |\n + +------------------+----------+ +---------------+ +\n | | CVE-2018-3721 | MEDIUM | | >=4.17.5 | |\n | | | | | | |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n \n python-app/Pipfile.lock\n =======================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+------------------------------------+\n | django | CVE-2019-6975 | MEDIUM | 2.0.9 | 2.0.11 | python-django: |\n | | | | | | memory exhaustion in |\n | | | | | | django.utils.numberformat.format() |\n +---------+------------------+----------+-------------------+---------------+------------------------------------+\n\n \n \n** Scan an image file ** \n\n \n \n $ docker save ruby:2.3.0-alpine3.9 -o ruby-2.3.0.tar\n $ trivy --input ruby-2.3.0.tar\n\n \n \nResult \n\n \n \n 2019-05-16T12:45:57.332+0900 INFO Updating vulnerability database...\n 2019-05-16T12:45:59.119+0900 INFO Detecting Debian vulnerabilities...\n \n ruby-2.3.0.tar (debian 8.4)\n ===========================\n Total: 7447 (UNKNOWN: 5, LOW: 326, MEDIUM: 5695, HIGH: 1316, CRITICAL: 105)\n \n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | Incorrect sanitation of the |\n | | | | | | 302 redirect field in HTTP |\n | | | | | | transport method of... |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-1252 | MEDIUM | | 1.0.9.8.4 | The apt package in Debian |\n | | | | | | jessie before 1.0.9.8.4, in |\n | | | | | | Debian unstable before... |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2011-3374 | LOW | | | |\n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | bash | CVE-2016-7543 | HIGH | 4.3-11 | 4.3-11+deb8u1 | bash: Specially crafted |\n | | | | | | SHELLOPTS+PS4 variables allows |\n | | | | | | command substitution |\n + +---------------------+ + +----------------------------------+-----------------------------------------------------+\n | | CVE-2019-9924 | | | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |\n | | | | | | restricted bash shells |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-0634 | MEDIUM | | 4.3-11+deb8u1 | bash: Arbitrary code execution |\n | | | | | | via malicious hostname |\n + +---------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-9401 | LOW | | 4.3-11+deb8u2 | bash: popd controlled free |\n + +---------------------+ + +----------------------------------+--------------------- --------------------------------+\n | | TEMP-0841856-B18BAF | | | | |\n +------------------------------+---------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------\n ...\n\n \n \n** Save the results as JSON ** \n\n \n \n $ trivy -f json -o results.json golang:1.12-alpine\n\n \n \nResult \n\n \n \n 2019-05-16T01:46:31.777+0900 INFO Updating vulnerability database...\n 2019-05-16T01:47:03.007+0900 INFO Detecting Alpine vulnerabilities...\n\n \nJSON \n\n \n \n [\n {\n \"Target\": \"php-app/composer.lock\",\n \"Vulnerabilities\": null\n },\n {\n \"Target\": \"node-app/package-lock.json\",\n \"Vulnerabilities\": [\n {\n \"VulnerabilityID\": \"CVE-2018-16487\",\n \"PkgName\": \"lodash\",\n \"InstalledVersion\": \"4.17.4\",\n \"FixedVersion\": \"\\u003e=4.17.11\",\n \"Title\": \"lodash: Prototype pollution in utilities function\",\n \"Description\": \"A prototype pollution vulnerability was found in lodash \\u003c4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16487\",\n ]\n }\n ]\n },\n {\n \"Target\": \"trivy-ci-test (alpine 3.7.1)\",\n \"Vulnerabilities\": [\n {\n \"VulnerabilityID\": \"CVE-2018-1 6840\",\n \"PkgName\": \"curl\",\n \"InstalledVersion\": \"7.61.0-r0\",\n \"FixedVersion\": \"7.61.1-r1\",\n \"Title\": \"curl: Use-after-free when closing \\\"easy\\\" handle in Curl_close()\",\n \"Description\": \"A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. \",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16840\",\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2019-3822\",\n \"PkgName\": \"curl\",\n \"InstalledVersion\": \"7.61.0-r0\",\n \"FixedVersion\": \"7.61.1-r2\",\n \"Title\": \"curl: NTLMv2 type-3 header stack buffer overflow\",\n \"Description\": \"libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. \",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https:/ /curl.haxx.se/docs/CVE-2019-3822.html\",\n \"https://lists.apache.org/thread.html/[email\u00a0protected]%3Cdevnull.infra.apache.org%3E\"\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2018-16839\",\n \"PkgName\": \"curl\",\n \"InstalledVersion\": \"7.61.0-r0\",\n \"FixedVersion\": \"7.61.1-r1\",\n \"Title\": \"curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()\",\n \"Description\": \"Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5\",\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2018-19486\",\n \"PkgName\": \"git\",\n \"InstalledVersion\": \"2.15.2-r0\",\n \"FixedVersion\": \"2.15.3-r0\",\n \"Title\": \"git: Improper handling of PATH allows for commands to be executed from the current directory\",\n \"Description\": \"Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if '.' were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"https://usn.ubuntu.com/3829-1/\",\n ]\n },\n {\n \"VulnerabilityID\": \"CVE-2018-17456\",\n \"PkgName\": \"git\",\n \"InstalledVersion\": \"2.15.2-r0\",\n \"FixedVersion\": \"2.15.3-r0\",\n \"Title\": \"git: arbitrary code execution via .gitmodules\",\n \"Description\": \"Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows [remote code execution](<https://www.kitploit.com/search/label/Remote%20Code%20Execution> \"remote code execution\" ) during processing of a recursive \\\"git clone\\\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.\",\n \"Severity\": \"HIGH\",\n \"References\": [\n \"http://www.securitytracker.com/id/1041811\",\n ]\n }\n ]\n },\n {\n \"Target\": \"python-app/Pipfile.lock\",\n \"Vulnerabilities\": null\n },\n {\n \"Target\": \"ruby-app/Gemfile.lock\",\n \"Vulnerabilities\": null\n },\n {\n \"Target\": \"rust-app/Cargo.lock\",\n \"Vulnerabilities\": null\n }\n ]\n\n \n \n** Filter the vulnerabilities by severities ** \n\n \n \n $ trivy --severity HIGH,CRITICAL ruby:2.3.0\n\n \n \nResult \n\n \n \n 2019-05-16T01:51:46.255+0900 INFO Updating vulnerability database...\n 2019-05-16T01:51:49.213+0900 INFO Detecting Debian vulnerabilities...\n \n ruby:2.3.0 (debian 8.4)\n =======================\n Total: 1785 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1680, CRITICAL: 105)\n \n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n | apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | Incorrect sanitation of t he |\n | | | | | | 302 redirect field in HTTP |\n | | | | | | transport method of... |\n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n | bash | CVE-2019-9924 | HIGH | 4.3-11 | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |\n | | | | | | restricted bash shells |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2016-7543 | | | 4.3-11+deb8u1 | bash: Specially crafted |\n | | | | | | SHELLOPTS+PS4 variables allows |\n | | | | | | command substitution |\n +-----------------------------+------------------+ +---------------------------+----------------------------------+-------------------------------------------------+\n | binutils | CVE-2017-8421 | | 2.25-5 | | binutils: Memory exhaustion in |< br/>| | | | | | objdump via a crafted PE file |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2017-14930 | | | | binutils: Memory leak in |\n | | | | | | decode_line_info |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2017-7614 | | | | binutils: NULL |\n | | | | | | pointer dereference in |\n | | | | | | bfd_elf_final_link function |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2014-9939 | | | | binutils: buffer overflow in |\n | | | | | | ihex.c |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2017-13716 | | | | binutils: Memory leak with the |\n | | | | | | C++ symbol demangler routine |\n | | | | | | in libiberty |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2018-12699 | | | | binutils: heap-based buffer |\n | | | | | | overflow in finish_stab in |\n | | | | | | stabs.c |\n +-----------------------------+------------------+ +---------------------------+----------------------------------+-------------------------------------------------+\n | bsdutils | CVE-2015-5224 | | 2.25.2-6 | | util-linux: File name |\n | | | | | | collision due to incorrect |\n | | | | | | mkstemp use |\n + +------------------+ + +----------------------------------+-------------------------------------------------+\n | | CVE-2016-2779 | | | | util-linux: runuser tty hijack |\n | | | | | | via TIOCSTI ioctl |\n +-----------------------------+------------------+----------+---------------------------+----------------------------------+-------------------------------------------------+\n\n \n \n** Filter the vulnerabilities by type ** \n\n \n \n $ trivy --vuln-type os ruby:2.3.0\n\nAvailable values: \n\n\n * library \n * os \n \nResult \n\n \n \n 2019-05-22T19:36:50.530+0200 [34mINFO[0m Updating vulnerability database...\n 2019-05-22T19:36:51.681+0200 [34mINFO[0m Detecting Alpine vulnerabilities...\n 2019-05-22T19:36:51.685+0200 [34mINFO[0m Updating npm Security DB...\n 2019-05-22T19:36:52.389+0200 [34mINFO[0m Detecting npm vulnerabilities...\n 2019-05-22T19:36:52.390+0200 [34mINFO[0m Updating pipenv Security DB...\n 2019-05-22T19:36:53.406+0200 [34mINFO[0m Detecting pipenv vulnerabilities...\n \n ruby:2.3.0 (debian 8.4)\n Total: 4751 (UNKNOWN: 1, LOW: 150, MEDIUM: 3504, HIGH: 1013, CRITICAL: 83)\n \n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------- -----+----------------------------------+\n | curl | CVE-2018-14618 | CRITICAL | 7.61.0-r0 | 7.61.1-r0 | curl: NTLM password overflow |\n | | | | | | via integer overflow |\n + +------------------+----------+ +---------------+----------------------------------+\n | | CVE-2018-16839 | HIGH | | 7.61.1-r1 | curl: Integer overflow leading |\n | | | | | | to heap-based buffer overflow in |\n | | | | | | Curl_sasl_create_plain_message() |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2019-3822 | | | 7.61.1-r2 | curl: NTLMv2 type-3 header |\n | | | | | | stack buffer overflow |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16840 | | | 7.61.1-r1 | curl: Use-after-free when |\n | | | | | | closing \"easy\" handle in |\n | | | | | | Curl_close() |\n + +------------------+----------+ +---------------+----------------------------------+\n | | CVE-2019-3823 | MEDIUM | | 7.61.1-r2 | curl: SMTP end-of-response |\n | | | | | | out-of-bounds read |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-16890 | | | | curl: NTLM type-2 heap |\n | | | | | | out-of-bounds buffer read |\n + +------------------+ + +---------------+----------------------------------+\n | | CVE-2018-16842 | | | 7.61.1-r1 | curl: Heap-based buffer |\n | | | | | | over-read in the curl tool |\n | | | | | | warning formatting |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | git | CVE-2018-17456 | HIGH | 2.15.2-r0 | 2.15.3-r0 | git: arbitrary code execution |\n | | | | | | via .gitmodules |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-19486 | | | | git: Improper handling of |\n | | | | | | PATH allows for commands to be |\n | | | | | | executed from... |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | libssh2 | CVE-2019-3855 | CRITICAL | 1.8.0-r2 | 1.8.1-r0 | libssh2: Integer overflow in |\n | | | | | | transport read resulting in |\n | | | | | | out of bounds write... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2019-3861 | MEDIUM | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SSH |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3857 | | | | libssh2: Integer overflow in |\n | | | | | | SSH packet processing channel |\n | | | | | | resulting in out of... |\n + +-------------- ----+ + + +----------------------------------+\n | | CVE-2019-3856 | | | | libssh2: Integer overflow in |\n | | | | | | keyboard interactive handling |\n | | | | | | resulting in out of bounds... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3863 | | | | libssh2: Integer overflow |\n | | | | | | in user authenticate |\n | | | | | | keyboard interactive allows |\n | | | | | | out-of-b ounds writes |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3862 | | | | libssh2: Out-of-bounds memory |\n | | | | | | comparison with specially |\n | | | | | | crafted message channel |\n | | | | | | request |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3860 | | | | libssh2: Out-of-bounds reads |\n | | | | | | with specially crafted SFTP |\n | | | | | | packets |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3858 | | | | libssh2: Zero-byte allocation |\n | | | | | | with a specially crafted SFTP |\n | | | | | | packed leading to an... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-3859 | | | | libssh2: Unchecked use of |\n | | | | | | _libssh2_packet_require and |\n | | | | | | _libssh2_pack et_requirev |\n | | | | | | resulting in out-of-bounds |\n | | | | | | read |\n +---------+------------------+ +-------------------+---------------+----------------------------------+\n | libxml2 | CVE-2018-14404 | | 2.9.7-r0 | 2.9.8-r1 | libxml2: NULL pointer |\n | | | | | | dereference in |\n | | | | | | xpath.c:xmlXPathCompOpEval() |\n | | | | | | can allow attackers to cause |\n | | | | | | a... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2018-14567 | | | | libxml2: Infinite loop when |\n | | | | | | --with-lzma is used allows for |\n | | | | | | denial of service... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-9251 | LOW | | | libxml2: infinite loop in |\n | | | | | | xz_decomp function in xzlib.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | openssh | CVE-2019-6109 | MEDIUM | 7.5_p1-r9 | 7.5_p1-r10 | openssh: Missing c haracter |\n | | | | | | encoding in progress display |\n | | | | | | allows for spoofing of scp... |\n + +------------------+ + + +----------------------------------+\n | | CVE-2019-6111 | | | | openssh: Improper validation |\n | | | | | | of object names allows |\n | | | | | | malicious server to overwrite |\n | | | | | | files... |\n + +------------------+----------+ + +----------------------------------+\n | | CVE-2018-20685 | LOW | | | openssh: scp client improper |\n | | | | | | directory name validation |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | sqlite | CVE-2018-20346 | MEDIUM | 3.21.0-r1 | 3.25.3-r0 | CVE-2018-20505 CVE-2018-20506 |\n | | | | | | sqlite: Multiple flaws in |\n | | | | | | sqlite which can be triggered |\n | | | | | | via... |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n | tar | CVE-2018-20482 | LOW | 1.29-r1 | 1.31-r0 | tar: Infinite read loop in |\n | | | | | | sparse_dump_region function in |\n | | | | | | sparse.c |\n +---------+------------------+----------+-------------------+---------------+----------------------------------+\n\n \n** Skip update of vulnerability DB ** \n` Trivy ` always updates its vulnerability database when it starts operating. This is usually fast, as it is a difference update. But if you want to skip even that, use the ` --skip-update ` option. \n\n \n \n $ trivy --skip-update python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-16T12:48:08.703+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n\n \n \n** Update only specified distributions ** \nBy default, ` Trivy ` always updates its vulnerability database for all distributions. Use the ` --only-update ` option if you want to name specified distributions to update. \n\n \n \n $ trivy --only-update alpine,debian python:3.4-alpine3.9\n $ trivy --only-update alpine python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-21T19:37:06.301+0900 INFO Updating vulnerability database...\n 2019-05-21T19:37:07.793+0900 INFO Updating alpine data...\n 2019-05-21T19:37:08.127+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+----------------- -+----------+-------------------+---------------+--------------------------------+\n\n \n \n** Ignore unfixed vulnerabilities ** \nBy default, ` Trivy ` also detects unpatched/unfixed vulnerabilities. This means you can't fix these vulnerabilities even if you update all packages. If you would like to ignore them, use the ` --ignore-unfixed ` option. \n\n \n \n $ trivy --ignore-unfixed ruby:2.3.0\n\n \n \nResult \n\n \n \n 2019-05-16T12:49:52.656+0900 INFO Updating vulnerability database...\n 2019-05-16T12:50:14.786+0900 INFO Detecting Debian vulnerabilities...\n \n ruby:2.3.0 (debian 8.4)\n =======================\n Total: 4730 (UNKNOWN: 1, LOW: 145, MEDIUM: 3487, HIGH: 1014, CRITICAL: 83)\n \n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | apt | CVE-2019-3462 | CRITICAL | 1.0.9.8.3 | 1.0.9.8.5 | I ncorrect sanitation of the |\n | | | | | | 302 redirect field in HTTP |\n | | | | | | transport method of... |\n + +------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-1252 | MEDIUM | | 1.0.9.8.4 | The apt package in Debian |\n | | | | | | jessie before 1.0.9.8.4, in |\n | | | | | | Debian unstable before... |\n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n | bash | CVE-2019-9924 | HIGH | 4.3-11 | 4.3-11+deb8u2 | bash: BASH_CMD is writable in |\n | | | | | | restricted bash shells |\n + +------------------+ + +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-7543 | | | 4.3-11+deb8u1 | bash: Specially crafted |\n | | | | | | SHELLOPTS+PS4 variables allows |\n | | | | | | command substitution |\n + +------------------+----------+ + +-----------------------------------------------------+\n | | CVE-2016-0634 | MEDIUM | | | bash: Arbitrary code execution |\n | | | | | | via malicious hostname |\n + +------------------+----------+ +----------------------------------+-----------------------------------------------------+\n | | CVE-2016-9401 | LOW | | 4.3-11+deb8u2 | bash: popd controlled free |\n +------------------------------+------------------+----------+----------------------------+----------------------------------+-----------------------------------------------------+\n ...\n\n \n \n** Specify exit code ** \nBy default, ` Trivy ` exits with code 0 even when vulnerabilities are detected. Use the ` --exit-code ` option if you want to exit with a non-zero exit code. \n\n \n \n $ trivy --exit-code 1 python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-16T12:51:43.500+0900 INFO Updating vulnerability database...\n 2019-05-16T12:52:00.387+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)\n \n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +---------+------------------+----------+-------------------+---------------+--------------------------------+\n | openssl | CVE-2019-1543 | MEDIUM | 1.1.1a-r1 | 1.1.1b-r1 | openssl: ChaCha20-Poly1305 |\n | | | | | | with long nonces |\n +---------+------------------+----------+-------------------+---------------+------------------- -------------+\n\n \n \nThis option is useful for CI/CD. In the following example, the test will fail only when a critical vulnerability is found. \n\n \n \n $ trivy --exit-code 0 --severity MEDIUM,HIGH ruby:2.3.0\n $ trivy --exit-code 1 --severity CRITICAL ruby:2.3.0\n\n \n** Ignore the specified vulnerabilities ** \nUse ` .trivyignore ` . \n\n \n \n $ cat .trivyignore\n # Accept the risk\n CVE-2018-14618\n \n # No impact in our settings\n CVE-2019-1543\n \n $ trivy python:3.4-alpine3.9\n\n \n \nResult \n\n \n \n 2019-05-16T12:53:10.076+0900 INFO Updating vulnerability database...\n 2019-05-16T12:53:28.134+0900 INFO Detecting Alpine vulnerabilities...\n \n python:3.4-alpine3.9 (alpine 3.9.2)\n ===================================\n Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)\n \n\n \n \n** Specify cache directory ** \n\n \n \n $ trivy --cache-dir /tmp/trivy/ python:3.4-alpine3.9\n\n \n** Clear image caches ** \nThe ` --clear-cache ` option removes image caches. This option is useful if the image which has the same tag is updated (such as when using ` latest ` tag). \n\n \n \n $ trivy --clear-cache python:3.7\n\n \n \nResult \n\n \n \n 2019-05-16T12:55:24.749+0900 INFO Removing image caches...\n 2019-05-16T12:55:24.769+0900 INFO Updating vulnerability database...\n 2019-05-16T12:56:14.055+0900 INFO Detecting Debian vulnerabilities...\n \n python:3.7 (debian 9.9)\n =======================\n Total: 3076 (UNKNOWN: 0, LOW: 127, MEDIUM: 2358, HIGH: 578, CRITICAL: 13)\n \n +------------------------------+---------------------+----------+--------------------------+------------------+-------------------------------------------------------+\n | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |\n +------------------------------+---------------------+----------+--------------------------+------------------+-------------------------------------------------------+\n | apt | CVE-2011-3374 | LOW | 1.4.9 | | |\n +------------------------------+---------------------+ +--------------------------+------------------+-------------------------------------------------------+\n | bash | TEMP-0841856-B18BAF | | 4.4-5 | | |\n +------------------------------+---------------------+----------+--------------------------+------------------+-------------------------------------------------------+\n ...\n\n \n \n** Reset ** \nThe ` --reset ` option removes all caches and database. After this, it takes a long time as the vulnerability database needs to be rebuilt locally. \n\n \n \n $ trivy --reset\n\n \n \nResult \n\n \n \n 2019-05-16T13:05:31.935+0900 INFO Resetting...\n\n \n \n** Continuous Integration (CI) ** \nScan your image built in Travis CI/CircleCI. The test will fail if a vulnerability is found. When you don't want to fail the test, specify ` --exit-code 0 ` . \n** Note ** : It will take a while for the first time (faster by cache after the second time). \n \n** Travis CI ** \n\n \n \n $ cat .travis.yml\n services:\n - docker\n \n env:\n global:\n - COMMIT=${TRAVIS_COMMIT::8}\n \n before_install:\n - docker build -t trivy-ci-test:${COMMIT} .\n - export VERSION=$(curl --silent \"https://api.github.com/repos/aquasecurity/trivy/releases/latest\" | grep '\"tag_name\":' | sed -E 's/.*\"v([^\"]+)\".*/\\1/')\n - wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n - tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz\n script:\n - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh trivy-ci-test:${COMMIT}\n - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh trivy-ci-test:${COMMIT}\n cache:\n directories:\n - $HOME/.cache/trivy\n\nExample: [ https://travis-ci.org/aquasecurity/trivy-ci-test ](<https://travis-ci.org/aquasecurity/trivy-ci-test> \"https://travis-ci.org/aquasecurity/trivy-ci-test\" ) \nRepository: [ https://github.com/aquasecurity/trivy-ci-test ](<https://github.com/aquasecurity/trivy-ci-test> \"https://github.com/aquasecurity/trivy-ci-test\" ) \n \n** CircleCI ** \n\n \n \n $ cat .circleci/config.yml\n jobs:\n build:\n docker:\n - image: docker:18.09-git\n steps:\n - checkout\n - setup_remote_docker\n - restore_cache:\n key: vulnerability-db\n - run:\n name: Build image\n command: docker build -t trivy-ci-test:${CIRCLE_SHA1} .\n - run:\n name: Install trivy\n command: |\n apk add --update curl\n VERSION=$(\n curl --silent \"https://api.github.com/repos/aquasecurity/trivy/releases/latest\" | \\\n grep '\"tag_name\":' | \\\n sed -E 's/.*\"v([^\"]+)\".*/\\1/'\n )\n \n wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n tar zxvf trivy_${VERSION}_Linux-64bit.tar.gz\n mv trivy /usr/local/bin\n - run:\n name: Scan the lo cal image with trivy\n command: trivy --exit-code 0 --no-progress --auto-refresh trivy-ci-test:${CIRCLE_SHA1}\n - save_cache:\n key: vulnerability-db\n paths:\n - $HOME/.cache/trivy\n workflows:\n version: 2\n release:\n jobs:\n - build\n\nExample: [ https://circleci.com/gh/aquasecurity/trivy-ci-test ](<https://circleci.com/gh/aquasecurity/trivy-ci-test> \"https://circleci.com/gh/aquasecurity/trivy-ci-test\" ) \nRepository: [ https://github.com/aquasecurity/trivy-ci-test ](<https://github.com/aquasecurity/trivy-ci-test> \"https://github.com/aquasecurity/trivy-ci-test\" ) \n \n** Authorization for Private Docker Registry ** \nTrivy can download images from private registry, without installing ` Docker ` and any 3rd party tools. That's because it's easy to run in a CI process. \nAll you have to do is install ` Trivy ` and set ENV vars. But, I can't recommend using ENV vars in your local machine to you. \n \n** Docker Hub ** \nDocker Hub needs ` TRIVY_AUTH_URL ` , ` TRIVY_USERNAME ` and ` TRIVY_PASSWORD ` . You don't need to set ENV vars when download from public repository. \n\n \n \n export TRIVY_AUTH_URL=https://registry.hub.docker.com\n export TRIVY_USERNAME={DOCKERHUB_USERNAME}\n export TRIVY_PASSWORD={DOCKERHUB_PASSWORD}\n\n \n** Amazon ECR (Elastic Container Registry) ** \nTrivy uses AWS SDK. You don't need to install ` aws ` CLI tool. You can use [ AWS CLI's ENV Vars ](<https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html> \"AWS CLI's ENV Vars\" ) . \n \n** GCR (Google Container Registry) ** \nTrivy uses Google Cloud SDK. You don't need to install ` gcloud ` command. \nIf you want to use target project's repository, you can settle via ` GOOGLE_APPLICATION_CREDENTIAL ` . \n\n \n \n # must set TRIVY_USERNAME empty char\n export GOOGLE_APPLICATION_CREDENTIALS=/path/to/credential.json\n\n \n** Self Hosted Registry (BasicAuth) ** \nBasicAuth server needs ` TRIVY_USERNAME ` and ` TRIVY_PASSWORD ` . \n\n \n \n export TRIVY_USERNAME={USERNAME}\n export TRIVY_PASSWORD={PASSWORD}\n \n # if you want to use 80 port, use NonSSL\n export TRIVY_NON_SSL=true\n\n \n** Vulnerability Detection ** \n \n** OS Packages ** \nThe unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution. \nOS | Supported Versions | Target Packages | Detection of unfixed vulnerabilities \n---|---|---|--- \nAlpine Linux | 2.2 - 2.7, 3.0 - 3.10 | Installed by apk | NO \nRed Hat Universal Base Image | 7, 8 | Installed by yum/rpm | YES \nRed Hat Enterprise Linux | 6, 7, 8 | Installed by yum/rpm | YES \nCentOS | 6, 7 | Installed by yum/rpm | YES \nDebian GNU/Linux | wheezy, jessie, stretch, buster | Installed by apt/apt-get/dpkg | YES \nUbuntu | 12.04, 14.04, 16.04, 18.04, 18.10, 19.04 | Installed by apt/apt-get/dpkg | YES \nRHEL and CentOS package information is stored in a binary format, and Trivy uses the ` rpm ` executable to parse this information when scanning an image based on RHEL or CentOS. The Trivy container image includes ` rpm ` , and the installers include it as a dependency. If you installed the ` trivy ` binary using ` wget ` or ` curl ` , or if you build it from source, you will also need to ensure that ` rpm ` is available. \n \n** Application Dependencies ** \n` Trivy ` automatically detects the following files in the container and scans vulnerabilities in the application dependencies. \n\n\n * Gemfile.lock \n * Pipfile.lock \n * poetry.lock \n * composer.lock \n * package-lock.json \n * yarn.lock \n * Cargo.lock \nThe path of these files does not matter. \nExample: [ https://github.com/aquasecurity/trivy-ci-test/blob/master/Dockerfile ](<https://github.com/aquasecurity/trivy-ci-test/blob/master/Dockerfile> \"https://github.com/aquasecurity/trivy-ci-test/blob/master/Dockerfile\" ) \n \n** Data source ** \n\n\n * PHP \n * [ https://github.com/FriendsOfPHP/security-advisories ](<https://github.com/FriendsOfPHP/security-advisories> \"https://github.com/FriendsOfPHP/security-advisories\" )\n * Python \n * [ https://github.com/pyupio/safety-db ](<https://github.com/pyupio/safety-db> \"https://github.com/pyupio/safety-db\" )\n * Ruby \n * [ https://github.com/rubysec/ruby-advisory-db ](<https://github.com/rubysec/ruby-advisory-db> \"https://github.com/rubysec/ruby-advisory-db\" )\n * Node.js \n * [ https://github.com/nodejs/security-wg ](<https://github.com/nodejs/security-wg> \"https://github.com/nodejs/security-wg\" )\n * Rust \n * [ https://github.com/RustSec/advisory-db ](<https://github.com/RustSec/advisory-db> \"https://github.com/RustSec/advisory-db\" )\n \n** Usage ** \n\n \n \n NAME:\n trivy - A simple and comprehensive vulnerability scanner for containers\n USAGE:\n trivy [options] image_name\n VERSION:\n 0.1.6\n OPTIONS:\n --format value, -f value format (table, json) (default: \"table\")\n --input value, -i value input file path instead of image name\n --severity value, -s value severities of vulnerabilities to be displayed (comma separated) (default: \"UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL\")\n --output value, -o value output file name\n --exit-code value Exit code when vulnerabilities were found (default: 0)\n --skip-update skip db update\n --only-update value update db only specified distribution (comma separated)\n --reset remove all caches and database\n --clear-cache, -c clear image caches\n --quiet, -q suppress progress bar and log output\n --no-progress suppress progress bar\n - -ignore-unfixed display only fixed vulnerabilities\n --refresh refresh DB (usually used after version update of trivy)\n --auto-refresh refresh DB automatically when updating version of trivy\n --debug, -d debug mode\n --vuln-type value comma-separated list of vulnerability types (os,library) (default: \"os,library\")\n --cache-dir value cache directory (default: \"/path/to/cache\")\n --help, -h show help\n --version, -v print the version\n\n \n \n** Migration ** \nOn 19 August 2019, Trivy's repositories moved from ` knqyf263/trivy ` to ` aquasecurity/trivy ` . If you previously installed Trivy you should update any scripts or package manager records as described in this section. \n \n** Overview ** \nIf you have a script that installs Trivy (for example into your CI pipelines) you should update it to obtain it from the new location by replacing knqyf263/trivy with aquasecurity/trivy. \nFor example: \n\n \n \n # Before\n $ wget https://github.com/knqyf263/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n \n # After\n $ wget https://github.com/aquasecurity/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz\n\n \n** CentOS/RedHat ** \nUse [ https://aquasecurity.github.io ](<https://aquasecurity.github.io/> \"https://aquasecurity.github.io\" ) instead of [ https://knqyf263.github.io ](<https://knqyf263.github.io/> \"https://knqyf263.github.io\" ) . \n\n \n \n $ yum remove trivy\n $ sed -i s/knqyf263/aquasecurity/g /etc/yum.repos.d/trivy.repo\n $ yum update\n $ yum install trivy\n\n \n** Debian/Ubuntu ** \nUse [ https://aquasecurity.github.io ](<https://aquasecurity.github.io/> \"https://aquasecurity.github.io\" ) instead of [ https://knqyf263.github.io ](<https://knqyf263.github.io/> \"https://knqyf263.github.io\" ) . \n\n \n \n $ apt-get remove --purge trivy\n $ sed -i s/knqyf263/aquasecurity/g /etc/apt/sources.list.d/trivy.list\n $ apt-get update\n $ apt-get install trivy\n\n \n** Homebrew ** \nTap aquasecurity/trivy \n\n \n \n $ brew uninstall --force trivy\n $ brew untap knqyf263/trivy\n $ brew install aquasecurity/trivy/trivy\n\n \n** Binary (Including Windows) ** \nNo need to fix. \n \n** Others ** \n \n** Detected version update of trivy. Please try again with --refresh option ** \nTry again with ` --refresh ` option: \n\n \n \n $ trivy --refresh alpine:3.9\n\n \n** Unknown error ** \nTry again with ` --reset ` option: \n\n \n \n $ trivy --reset\n\n \n** Credits ** \n\n\n * Special thanks to [ Tomoya Amachi ](<https://github.com/tomoyamachi> \"Tomoya Amachi\" )\n * Special thanks to [ Masahiro Fujimura ](<https://github.com/masahiro331> \"Masahiro Fujimura\" )\n * Special thanks to [ Naoki Harima ](<https://github.com/XapiMa> \"Naoki Harima\" )\n \n** Author ** \nTeppei Fukuda (knqyf263) \n \n \n\n\n** [ Download Trivy ](<https://github.com/aquasecurity/trivy> \"Download Trivy\" ) **\n", "edition": 212, "modified": "2019-11-05T12:00:00", "published": "2019-11-05T12:00:00", "id": "KITPLOIT:7323577050718865961", "href": "http://www.kitploit.com/2019/11/trivy-simple-and-comprehensive.html", "title": "Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI", "type": "kitploit", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}