Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-3682.NASL
HistoryDec 03, 2023 - 12:00 a.m.

Debian DLA-3682-1 : ncurses - LTS security update

2023-12-0300:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
debian
ncurses
lts
security update
vulnerabilities
heap-based buffer overflow
memory corruption
setuid application

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

JSON

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3682 advisory.

  • An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. (CVE-2021-39537)

  • ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security- relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. (CVE-2023-29491)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3682. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(186526);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/03");

  script_cve_id("CVE-2021-39537", "CVE-2023-29491");

  script_name(english:"Debian DLA-3682-1 : ncurses - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-3682 advisory.

  - An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer
    overflow. (CVE-2021-39537)

  - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-
    relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo
    or reached via the TERMINFO or TERM environment variable. (CVE-2023-29491)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034372");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/ncurses");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2023/dla-3682");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-39537");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-29491");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/ncurses");
  script_set_attribute(attribute:"solution", value:
"Upgrade the ncurses packages.

For Debian 10 buster, these problems have been fixed in version 6.1+20181013-2+deb10u5.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-39537");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lib32ncurses-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lib32ncurses6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lib32ncursesw6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lib32tinfo6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lib64ncurses-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lib64ncurses6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lib64ncursesw6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lib64tinfo6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libncurses-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libncurses5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libncurses5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libncurses6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libncurses6-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libncursesw5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libncursesw5-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libncursesw6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libncursesw6-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtinfo-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtinfo5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtinfo6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtinfo6-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ncurses-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ncurses-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ncurses-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ncurses-examples");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ncurses-term");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(10)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '10.0', 'prefix': 'lib32ncurses-dev', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'lib32ncurses6', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'lib32ncursesw6', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'lib32tinfo6', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'lib64ncurses-dev', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'lib64ncurses6', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'lib64ncursesw6', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'lib64tinfo6', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libncurses-dev', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libncurses5', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libncurses5-dev', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libncurses6', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libncurses6-dbg', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libncursesw5', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libncursesw5-dev', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libncursesw6', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libncursesw6-dbg', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libtinfo-dev', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libtinfo5', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libtinfo6', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'libtinfo6-dbg', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'ncurses-base', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'ncurses-bin', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'ncurses-doc', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'ncurses-examples', 'reference': '6.1+20181013-2+deb10u5'},
    {'release': '10.0', 'prefix': 'ncurses-term', 'reference': '6.1+20181013-2+deb10u5'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'lib32ncurses-dev / lib32ncurses6 / lib32ncursesw6 / lib32tinfo6 / etc');
}
VendorProductVersionCPE
debiandebian_linuxlib32ncurses-devp-cpe:/a:debian:debian_linux:lib32ncurses-dev
debiandebian_linuxlib32ncurses6p-cpe:/a:debian:debian_linux:lib32ncurses6
debiandebian_linuxlib32ncursesw6p-cpe:/a:debian:debian_linux:lib32ncursesw6
debiandebian_linuxlib32tinfo6p-cpe:/a:debian:debian_linux:lib32tinfo6
debiandebian_linuxlib64ncurses-devp-cpe:/a:debian:debian_linux:lib64ncurses-dev
debiandebian_linuxlib64ncurses6p-cpe:/a:debian:debian_linux:lib64ncurses6
debiandebian_linuxlib64ncursesw6p-cpe:/a:debian:debian_linux:lib64ncursesw6
debiandebian_linuxlib64tinfo6p-cpe:/a:debian:debian_linux:lib64tinfo6
debiandebian_linuxlibncurses-devp-cpe:/a:debian:debian_linux:libncurses-dev
debiandebian_linuxlibncurses5p-cpe:/a:debian:debian_linux:libncurses5
Rows per page:
1-10 of 271

Related

openvas 33
osv 7
debian 1
alpinelinux 2
nvd 2
suse 2
nessus 51
debiancve 2
redhatcve 2
cbl_mariner 4
cvelist 2
cve 2
veracode 2
prion 2
ubuntu 2
cloudfoundry 1
ubuntucve 4
amazon 3
oraclelinux 2
mageia 1
broadcom 1
thn 1
redos 1
redhat 53
ibm 8
almalinux 2
photon 3
fedora 1
mmpc 1
mssecure 1
openvas
openvas
Debian: Security Advisory (DLA-3682-1)
2023-12-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3490-1)
2021-10-21 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2022-1210)
2022-02-26 00:00:00
osv
osv
ncurses - security update
2023-12-03 00:00:00
CVE-2021-39537
2021-09-20 16:15:12
ncurses vulnerabilities
2023-05-23 11:56:42
debian
debian
[SECURITY] [DLA 3682-1] ncurses security update
2023-12-03 18:46:35
alpinelinux
alpinelinux
CVE-2021-39537
2021-09-20 16:15:12
CVE-2023-29491
2023-04-14 01:15:08
nvd
nvd
CVE-2021-39537
2021-09-20 16:15:12
CVE-2023-29491
2023-04-14 01:15:08
suse
suse
Security update for ncurses (moderate)
2021-10-31 00:00:00
Security update for ncurses (moderate)
2021-10-20 00:00:00
nessus
nessus
EulerOS Virtualization 2.10.1 : ncurses (EulerOS-SA-2022-1380)
2022-04-18 00:00:00
EulerOS 2.0 SP10 : ncurses (EulerOS-SA-2022-1229)
2022-02-25 00:00:00
SUSE SLED15 / SLES15 Security Update : ncurses (SUSE-SU-2021:3490-1)
2021-10-21 00:00:00
debiancve
debiancve
CVE-2021-39537
2021-09-20 16:15:12
CVE-2023-29491
2023-04-14 01:15:08
redhatcve
redhatcve
CVE-2021-39537
2021-09-22 19:10:18
CVE-2023-29491
2023-04-28 20:51:32
cbl_mariner
cbl_mariner
CVE-2021-39537 affecting package ncurses 6.2-6
2021-11-06 00:29:52
CVE-2021-39537 affecting package ncurses for versions less than 6.2-6
2022-04-26 19:57:37
CVE-2023-29491 affecting package ncurses 6.3-2
2023-05-25 17:55:45
cvelist
cvelist
CVE-2021-39537
2021-09-20 00:00:00
CVE-2023-29491
2023-04-14 00:00:00
cve
cve
CVE-2021-39537
2021-09-20 16:15:12
CVE-2023-29491
2023-04-14 01:15:08
veracode
veracode
Denial Of Service (DoS)
2021-12-09 17:11:49
Denial Of Service (DoS)
2023-04-24 05:19:24
prion
prion
Heap overflow
2021-09-20 16:15:00
Memory corruption
2023-04-14 01:15:00
ubuntu
ubuntu
ncurses vulnerabilities
2023-05-23 00:00:00
ncurses vulnerabilities
2022-06-14 00:00:00
cloudfoundry
cloudfoundry
USN-6099-1: ncurses vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
ubuntucve
ubuntucve
CVE-2021-39537
2021-09-20 00:00:00
CVE-2023-29491
2023-04-14 00:00:00
CVE-2023-50495
2023-12-12 00:00:00
amazon
amazon
Important: ncurses
2023-06-21 19:11:00
Important: ncurses
2023-07-05 21:44:00
Medium: ncurses
2022-12-01 20:31:00
oraclelinux
oraclelinux
ncurses security and bug fix update
2023-11-11 00:00:00
ncurses security update
2023-09-20 00:00:00
mageia
mageia
Updated ncurses packages fix security vulnerability
2024-03-16 01:51:55
broadcom
broadcom
A vulnerability was found in ncurses and occurs when used by a setuid application. (CVE-2023-29491)
2023-11-07 00:00:00
thn
thn
Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
2023-09-14 14:07:00
redos
redos
ROS-20240404-14
2024-04-04 00:00:00
redhat
redhat
(RHSA-2023:6698) Moderate: ncurses security and bug fix update
2023-11-07 06:12:11
(RHSA-2023:5249) Moderate: ncurses security update
2023-09-19 12:37:09
(RHSA-2023:7361) Moderate: ncurses security update
2023-11-21 08:12:16
ibm
ibm
Security Bulletin: IBM Cloud Pak for Data Scheduling image contains a vulnerable ncurses package ( CVE-2023-29491 )
2023-12-06 16:00:08
Security Bulletin: IBM Storage Ceph is vulnerable to Out-of-bounds Write in the RHEL UBI (CVE-2023-29491)
2024-01-19 22:00:03
Security Bulletin: TSSC/IMC is vulnerable to a denial of service attack due to ncruses (CVE-2023-29491)
2024-06-20 23:48:43
almalinux
almalinux
Moderate: ncurses security update
2023-09-19 00:00:00
Moderate: ncurses security and bug fix update
2023-11-07 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0445
2021-10-20 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0314
2021-10-16 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0024
2023-06-13 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: ncurses-6.4-7.20230520.fc38
2024-01-31 01:42:30
mmpc
mmpc
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
mssecure
mssecure
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

JSON
Related for DEBIAN_DLA-3682.NASL
openvas33osv7debian1alpinelinux2nvd2suse2nessus51debiancve2redhatcve2cbl_mariner4cvelist2cve2veracode2prion2ubuntu2cloudfoundry1ubuntucve4amazon3oraclelinux2mageia1broadcom1thn1redos1redhat53ibm8almalinux2photon3fedora1mmpc1mssecure1