CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
90.7%
Security fix for CVE-2017-15412 CVE-2017-15422 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427 CVE-2017-15429
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2017-c2645aa935.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(105968);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2017-15407", "CVE-2017-15408", "CVE-2017-15409", "CVE-2017-15410", "CVE-2017-15411", "CVE-2017-15412", "CVE-2017-15413", "CVE-2017-15415", "CVE-2017-15416", "CVE-2017-15417", "CVE-2017-15418", "CVE-2017-15419", "CVE-2017-15420", "CVE-2017-15422", "CVE-2017-15423", "CVE-2017-15424", "CVE-2017-15425", "CVE-2017-15426", "CVE-2017-15427", "CVE-2017-15429");
script_xref(name:"FEDORA", value:"2017-c2645aa935");
script_name(english:"Fedora 27 : chromium (2017-c2645aa935)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Security fix for CVE-2017-15412 CVE-2017-15422 CVE-2017-15407
CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411
CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417
CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423
CVE-2017-15424 CVE-2017-15425 CVE-2017-15426 CVE-2017-15427
CVE-2017-15429
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2645aa935"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected chromium package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/28");
script_set_attribute(attribute:"patch_publication_date", value:"2018/01/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC27", reference:"chromium-63.0.3239.108-1.fc27")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "chromium");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15407
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15408
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15409
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15410
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15411
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15413
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15415
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15416
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15417
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15418
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15419
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15420
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15423
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15424
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15426
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15427
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15429
bodhi.fedoraproject.org/updates/FEDORA-2017-c2645aa935
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
90.7%