Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-1445.NASL
HistoryJul 27, 2018 - 12:00 a.m.

Debian DLA-1445-3 : busybox regression update

2018-07-2700:00:00
This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.013 Low

EPSS

Percentile

85.7%

JSON

It was found that the security update of busybox announced as DLA-1445-1 to prevent the exploitation of CVE-2011-5325, a symlinking attack, was too strict in case of cpio archives. This update restores the old behavior.

For Debian 8 ‘Jessie’, this problem has been fixed in version 1:1.22.0-9+deb8u4.

We recommend that you upgrade your busybox packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1445-3. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(111358);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_name(english:"Debian DLA-1445-3 : busybox regression update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was found that the security update of busybox announced as
DLA-1445-1 to prevent the exploitation of CVE-2011-5325, a symlinking
attack, was too strict in case of cpio archives. This update restores
the old behavior.

For Debian 8 'Jessie', this problem has been fixed in version
1:1.22.0-9+deb8u4.

We recommend that you upgrade your busybox packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2018/08/msg00003.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/busybox"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:busybox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:busybox-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:busybox-syslogd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:busybox-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udhcpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:udhcpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"busybox", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"busybox-static", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"busybox-syslogd", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"busybox-udeb", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"udhcpc", reference:"1:1.22.0-9+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"udhcpd", reference:"1:1.22.0-9+deb8u4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxbusyboxp-cpe:/a:debian:debian_linux:busybox
debiandebian_linuxbusybox-staticp-cpe:/a:debian:debian_linux:busybox-static
debiandebian_linuxbusybox-syslogdp-cpe:/a:debian:debian_linux:busybox-syslogd
debiandebian_linuxbusybox-udebp-cpe:/a:debian:debian_linux:busybox-udeb
debiandebian_linuxudhcpcp-cpe:/a:debian:debian_linux:udhcpc
debiandebian_linuxudhcpdp-cpe:/a:debian:debian_linux:udhcpd
debiandebian_linux8.0cpe:/o:debian:debian_linux:8.0

Related

cve 2
debian 3
ubuntucve 1
veracode 1
cvelist 2
debiancve 1
prion 2
nvd 2
openvas 12
nessus 13
suse 3
osv 2
cloudfoundry 1
packetstorm 2
ubuntu 1
cve
cve
CVE-2011-5325
2017-08-07 17:29:00
CVE-2022-23227
2022-01-14 18:15:10
debian
debian
[SECURITY] [DLA 1445-3] busybox regression update
2018-08-03 05:18:30
[SECURITY] [DLA 1445-1] busybox security update
2018-07-27 04:39:37
[SECURITY] [DLA 2559-1] busybox security update
2021-02-15 11:56:52
ubuntucve
ubuntucve
CVE-2011-5325
2017-08-07 00:00:00
veracode
veracode
Directory Traversal
2021-02-15 22:51:22
cvelist
cvelist
CVE-2011-5325
2017-08-07 17:00:00
CVE-2022-23227
2022-01-14 17:13:57
debiancve
debiancve
CVE-2011-5325
2017-08-07 17:29:00
prion
prion
Directory traversal
2017-08-07 17:29:00
Design/Logic Flaw
2022-01-14 18:15:00
nvd
nvd
CVE-2011-5325
2017-08-07 17:29:00
CVE-2022-23227
2022-01-14 18:15:10
openvas
openvas
NUUO NVRmini 2 <= 03.11.0000.0016 RCE Vulnerability - Active Check
2022-01-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3531-1)
2021-10-28 00:00:00
openSUSE: Security Advisory for busybox (openSUSE-SU-2021:1408-1)
2021-11-01 00:00:00
nessus
nessus
RHEL 4 : busybox (Unpatched Vulnerability)
2024-06-03 00:00:00
openSUSE 15 Security Update : busybox (openSUSE-SU-2021:1408-1)
2021-11-01 00:00:00
openSUSE 15 Security Update : busybox (openSUSE-SU-2021:3531-1)
2021-10-28 00:00:00
suse
suse
Security update for busybox (important)
2021-10-27 00:00:00
Security update for busybox (important)
2021-10-31 00:00:00
Security update for busybox (important)
2022-05-18 00:00:00
osv
osv
busybox - security update
2021-02-15 00:00:00
busybox - security update
2018-07-27 00:00:00
cloudfoundry
cloudfoundry
USN-3935-1: BusyBox vulnerabilities | Cloud Foundry
2019-04-12 00:00:00
packetstorm
packetstorm
ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password
2020-08-27 00:00:00
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
2019-06-13 00:00:00
ubuntu
ubuntu
BusyBox vulnerabilities
2019-04-03 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.013 Low

EPSS

Percentile

85.7%

JSON
Related for DEBIAN_DLA-1445.NASL
cve2debian3ubuntucve1veracode1cvelist2debiancve1prion2nvd2openvas12nessus13suse3osv2cloudfoundry1packetstorm2ubuntu1