Lucene search
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2015-34.NASLHistoryJan 19, 2015 - 12:00 a.m.
openSUSE Security Update : util-linux (openSUSE-SU-2015:0066-1)
2015-01-1900:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
util-linux was updated to fix a security issue, where local attackers might be able to execute code as root with a prepared USB stick (CVE-2014-9114 bsc#907434).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2015-34.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(80579);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2014-9114");
script_name(english:"openSUSE Security Update : util-linux (openSUSE-SU-2015:0066-1)");
script_summary(english:"Check for the openSUSE-2015-34 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"util-linux was updated to fix a security issue, where local attackers
might be able to execute code as root with a prepared USB stick
(CVE-2014-9114 bsc#907434)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=907434"
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected util-linux packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmartcols-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmartcols-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmartcols1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmartcols1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libmount");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libmount-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libmount-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-systemd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-systemd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-systemd-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:uuidd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:uuidd-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
script_set_attribute(attribute:"patch_publication_date", value:"2015/01/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE13.1", reference:"libblkid-devel-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libblkid1-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libblkid1-debuginfo-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmount-devel-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmount1-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libmount1-debuginfo-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libuuid-devel-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libuuid1-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libuuid1-debuginfo-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"util-linux-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"util-linux-debuginfo-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"util-linux-debugsource-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"util-linux-lang-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"uuidd-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"uuidd-debuginfo-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libblkid-devel-32bit-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libblkid1-32bit-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libblkid1-debuginfo-32bit-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libmount-devel-32bit-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libmount1-32bit-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libmount1-debuginfo-32bit-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libuuid-devel-32bit-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libuuid1-32bit-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"libuuid1-debuginfo-32bit-2.23.2-24.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libblkid-devel-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libblkid-devel-static-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libblkid1-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libblkid1-debuginfo-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libmount-devel-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libmount-devel-static-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libmount1-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libmount1-debuginfo-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libsmartcols-devel-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libsmartcols-devel-static-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libsmartcols1-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libsmartcols1-debuginfo-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libuuid-devel-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libuuid-devel-static-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libuuid1-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"libuuid1-debuginfo-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"python-libmount-2.25.1-9.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"python-libmount-debuginfo-2.25.1-9.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"python-libmount-debugsource-2.25.1-9.2") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"util-linux-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"util-linux-debuginfo-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"util-linux-debugsource-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"util-linux-lang-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"util-linux-systemd-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"util-linux-systemd-debuginfo-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"util-linux-systemd-debugsource-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"uuidd-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"uuidd-debuginfo-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libblkid-devel-32bit-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libblkid1-32bit-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libblkid1-debuginfo-32bit-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libmount-devel-32bit-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libmount1-32bit-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libmount1-debuginfo-32bit-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libuuid-devel-32bit-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libuuid1-32bit-2.25.1-9.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", cpu:"x86_64", reference:"libuuid1-debuginfo-32bit-2.25.1-9.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libblkid-devel / libblkid-devel-32bit / libblkid1 / libblkid1-32bit / etc");
}
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0517)
2022-01-28 00:00:00
Fedora Update for util-linux FEDORA-2014-16016
2014-12-05 00:00:00
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2019-2061)
2020-01-23 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : util-linux (MDVSA-2015:122)
2015-03-30 00:00:00
EulerOS 2.0 SP2 : util-linux (EulerOS-SA-2019-1737)
2019-07-22 00:00:00
SUSE SLED12 / SLES12 Security Update : util-linux (SUSE-SU-2015:0270-1)
2015-05-20 00:00:00
gentoo
gentoo
util-linux: Arbitrary code execution
2016-12-06 00:00:00
securityvulns
securityvulns
util-linux blkid commands injection
2015-04-19 00:00:00
[ MDVSA-2015:122 ] util-linux
2015-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: util-linux-2.24.2-2.fc20
2014-12-04 06:24:06
[SECURITY] Fedora 21 Update: util-linux-2.25.2-2.fc21
2014-12-15 04:33:25
nvd
nvd
CVE-2014-9114
2017-03-31 16:59:00
archlinux
archlinux
util-linux: command injection
2015-03-24 00:00:00
debiancve
debiancve
CVE-2014-9114
2017-03-31 16:59:00
cvelist
cvelist
CVE-2014-9114
2017-03-31 15:00:00
prion
prion
Code injection
2017-03-31 16:59:00
mageia
mageia
Updated util-linux packages fix CVE-2014-9114
2014-12-09 23:12:41
ubuntucve
ubuntucve
CVE-2014-9114
2017-03-31 00:00:00
cve
cve
CVE-2014-9114
2017-03-31 16:59:00
osv
osv
libblkid-devel-2.28.2-2.1 on GA media
2024-06-15 00:00:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for OPENSUSE-2015-34.NASL