Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.OPENSUSE-2015-248.NASL
HistoryMar 24, 2015 - 12:00 a.m.

openSUSE Security Update : libarchive (openSUSE-2015-248)

2015-03-2400:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
18

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.011 Low

EPSS

Percentile

84.8%

JSON

libarchive was updated to fix a directory traversal in the bsdcpio tool, which allowed attackers supplying crafted archives to overwrite files. (CVE-2015-2304)

Also, a integer overflow was fixed that could also overflow buffers.
(CVE-2013-0211)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-248.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82012);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-0211", "CVE-2015-2304");

  script_name(english:"openSUSE Security Update : libarchive (openSUSE-2015-248)");
  script_summary(english:"Check for the openSUSE-2015-248 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"libarchive was updated to fix a directory traversal in the bsdcpio
tool, which allowed attackers supplying crafted archives to overwrite
files. (CVE-2015-2304)

Also, a integer overflow was fixed that could also overflow buffers.
(CVE-2013-0211)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=800024"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920870"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libarchive packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bsdtar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bsdtar-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"bsdtar-3.1.2-3.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"bsdtar-debuginfo-3.1.2-3.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libarchive-debugsource-3.1.2-3.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libarchive-devel-3.1.2-3.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libarchive13-3.1.2-3.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libarchive13-debuginfo-3.1.2-3.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libarchive13-32bit-3.1.2-3.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libarchive13-debuginfo-32bit-3.1.2-3.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"bsdtar-3.1.2-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"bsdtar-debuginfo-3.1.2-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libarchive-debugsource-3.1.2-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libarchive-devel-3.1.2-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libarchive13-3.1.2-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libarchive13-debuginfo-3.1.2-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libarchive13-32bit-3.1.2-7.5.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libarchive13-debuginfo-32bit-3.1.2-7.5.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bsdtar / bsdtar-debuginfo / libarchive-debugsource / etc");
}
VendorProductVersionCPE
novellopensusebsdtarp-cpe:/a:novell:opensuse:bsdtar
novellopensusebsdtar-debuginfop-cpe:/a:novell:opensuse:bsdtar-debuginfo
novellopensuselibarchive-debugsourcep-cpe:/a:novell:opensuse:libarchive-debugsource
novellopensuselibarchive-develp-cpe:/a:novell:opensuse:libarchive-devel
novellopensuselibarchive13p-cpe:/a:novell:opensuse:libarchive13
novellopensuselibarchive13-32bitp-cpe:/a:novell:opensuse:libarchive13-32bit
novellopensuselibarchive13-debuginfop-cpe:/a:novell:opensuse:libarchive13-debuginfo
novellopensuselibarchive13-debuginfo-32bitp-cpe:/a:novell:opensuse:libarchive13-debuginfo-32bit
novellopensuse13.1cpe:/o:novell:opensuse:13.1
novellopensuse13.2cpe:/o:novell:opensuse:13.2

Related

openvas 24
nessus 25
freebsd 1
ubuntu 1
ubuntucve 2
prion 2
osv 2
freebsd_advisory 2
debiancve 2
cve 2
nvd 2
cvelist 2
fedora 4
securityvulns 3
altlinux 1
gentoo 2
suse 1
rosalinux 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0667-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-2549-1)
2015-03-26 00:00:00
Splunk 5.x - 6.4.x Multiple Vulnerabilities
2016-09-19 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : libarchive vulnerabilities (USN-2549-1)
2015-03-26 00:00:00
FreeBSD : libarchive -- multiple vulnerabilities (7c63775e-be31-11e5-b5fe-002590263bf5)
2016-01-19 00:00:00
SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2015:0667-1)
2015-05-20 00:00:00
freebsd
freebsd
libarchive -- multiple vulnerabilities
2012-12-06 00:00:00
ubuntu
ubuntu
libarchive vulnerabilities
2015-03-25 00:00:00
ubuntucve
ubuntucve
CVE-2015-2304
2015-03-15 00:00:00
CVE-2013-0211
2013-03-25 00:00:00
prion
prion
Path traversal
2015-03-15 19:59:00
Integer overflow
2013-09-30 22:55:00
osv
osv
libarchive - security update
2015-03-07 00:00:00
libarchive - security update
2015-03-05 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:22.libarchive
2016-05-31 00:00:00
FreeBSD-SA-16:23.libarchive
2016-05-31 00:00:00
debiancve
debiancve
CVE-2015-2304
2015-03-15 19:59:00
CVE-2013-0211
2013-09-30 22:55:04
cve
cve
CVE-2015-2304
2015-03-15 19:59:00
CVE-2013-0211
2013-09-30 22:55:04
nvd
nvd
CVE-2015-2304
2015-03-15 19:59:00
CVE-2013-0211
2013-09-30 22:55:04
cvelist
cvelist
CVE-2015-2304
2015-03-15 19:00:00
CVE-2013-0211
2013-09-30 20:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: libarchive-3.0.4-3.fc17
2013-04-12 22:27:24
[SECURITY] Fedora 18 Update: mingw-libarchive-3.0.4-4.fc18
2013-04-08 00:22:17
[SECURITY] Fedora 17 Update: mingw-libarchive-3.0.4-4.fc17
2013-04-08 00:26:15
securityvulns
securityvulns
libarchive integer overflow
2013-05-06 00:00:00
[ MDVSA-2013:147 ] libarchive
2013-05-06 00:00:00
libarchive directory traversal
2015-04-20 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package libarchive version 3.1.2-alt2
2015-08-05 00:00:00
gentoo
gentoo
libarchive: Multiple vulnerabilities
2014-06-01 00:00:00
libarchive: Multiple vulnerabilities
2017-01-01 00:00:00
suse
suse
Security update for bsdtar (important)
2016-08-02 17:08:50
rosalinux
rosalinux
Advisory ROSA-SA-2021-1862
2021-07-02 17:10:44

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.011 Low

EPSS

Percentile

84.8%

JSON
Related for OPENSUSE-2015-248.NASL
openvas24nessus25freebsd1ubuntu1ubuntucve2prion2osv2freebsd_advisory2debiancve2cve2nvd2cvelist2fedora4securityvulns3altlinux1gentoo2suse1rosalinux1