CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:P/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
95.7%
Update to 8.38 and fix various CVE’s
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2016-fd1199dbe2.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(89647);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2015-3210", "CVE-2015-5073", "CVE-2015-8383", "CVE-2015-8384", "CVE-2015-8385", "CVE-2015-8386", "CVE-2015-8387", "CVE-2015-8388", "CVE-2015-8389", "CVE-2015-8390", "CVE-2015-8391", "CVE-2015-8392", "CVE-2015-8393", "CVE-2015-8394", "CVE-2015-8395");
script_xref(name:"FEDORA", value:"2016-fd1199dbe2");
script_name(english:"Fedora 23 : mingw-pcre-8.38-1.fc23 (2016-fd1199dbe2)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Update to 8.38 and fix various CVE's
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1236660"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1237225"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1249905"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1250947"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1256453"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287616"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287626"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287631"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287640"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287648"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287656"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287661"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287668"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287673"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287692"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287698"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287704"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1287720"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2016-February/177340.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?7a044b08"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected mingw-pcre package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-pcre");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
script_set_attribute(attribute:"patch_publication_date", value:"2016/02/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC23", reference:"mingw-pcre-8.38-1.fc23")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-pcre");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8389
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8395
www.nessus.org/u?7a044b08
bugzilla.redhat.com/show_bug.cgi?id=1236660
bugzilla.redhat.com/show_bug.cgi?id=1237225
bugzilla.redhat.com/show_bug.cgi?id=1249905
bugzilla.redhat.com/show_bug.cgi?id=1250947
bugzilla.redhat.com/show_bug.cgi?id=1256453
bugzilla.redhat.com/show_bug.cgi?id=1287616
bugzilla.redhat.com/show_bug.cgi?id=1287626
bugzilla.redhat.com/show_bug.cgi?id=1287631
bugzilla.redhat.com/show_bug.cgi?id=1287640
bugzilla.redhat.com/show_bug.cgi?id=1287648
bugzilla.redhat.com/show_bug.cgi?id=1287656
bugzilla.redhat.com/show_bug.cgi?id=1287661
bugzilla.redhat.com/show_bug.cgi?id=1287668
bugzilla.redhat.com/show_bug.cgi?id=1287673
bugzilla.redhat.com/show_bug.cgi?id=1287692
bugzilla.redhat.com/show_bug.cgi?id=1287698
bugzilla.redhat.com/show_bug.cgi?id=1287704
bugzilla.redhat.com/show_bug.cgi?id=1287720
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:P/I:P/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
95.7%