Lucene search
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2017-305.NASLHistoryMar 07, 2017 - 12:00 a.m.
openSUSE Security Update : util-linux (openSUSE-2017-305)
2017-03-0700:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
CVSS2
4.7
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
5.1%
This update for util-linux fixes the following issues :
This security issue was fixed :
- CVE-2017-2616: In su with PAM support it was possible for local users to send SIGKILL to selected other processes with root privileges (bsc#1023041).
This non-security issues were fixed :
-
lscpu: Implement WSL detection and work around crash (bsc#1019332)
-
fstrim: De-duplicate btrfs sub-volumes for ‘fstrim -a’ and bind mounts (bsc#1020077)
-
Fix regressions in safe loop re-use patch set for libmount (bsc#1012504)
-
Disable ro checks for mtab (bsc#1012632)
-
Ensure that the option ‘users,exec,dev,suid’ work as expected on NFS mounts (bsc#1008965)
This update was imported from the SUSE:SLE-12-SP1:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-305.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(97564);
script_version("3.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2017-2616");
script_name(english:"openSUSE Security Update : util-linux (openSUSE-2017-305)");
script_summary(english:"Check for the openSUSE-2017-305 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for util-linux fixes the following issues :
This security issue was fixed :
- CVE-2017-2616: In su with PAM support it was possible
for local users to send SIGKILL to selected other
processes with root privileges (bsc#1023041).
This non-security issues were fixed :
- lscpu: Implement WSL detection and work around crash
(bsc#1019332)
- fstrim: De-duplicate btrfs sub-volumes for 'fstrim -a'
and bind mounts (bsc#1020077)
- Fix regressions in safe loop re-use patch set for
libmount (bsc#1012504)
- Disable ro checks for mtab (bsc#1012632)
- Ensure that the option 'users,exec,dev,suid' work as
expected on NFS mounts (bsc#1008965)
This update was imported from the SUSE:SLE-12-SP1:Update update
project."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1008965"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012504"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012632"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1019332"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020077"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1023041"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected util-linux packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libblkid1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libmount1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmartcols-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmartcols1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsmartcols1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuuid1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libmount");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libmount-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libmount-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-systemd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-systemd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux-systemd-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:uuidd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:uuidd-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"patch_publication_date", value:"2017/03/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/07");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.1", reference:"libblkid-devel-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libblkid1-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libblkid1-debuginfo-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libmount-devel-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libmount1-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libmount1-debuginfo-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libsmartcols-devel-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libsmartcols1-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libsmartcols1-debuginfo-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libuuid-devel-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libuuid1-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libuuid1-debuginfo-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"python-libmount-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"python-libmount-debuginfo-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"python-libmount-debugsource-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"util-linux-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"util-linux-debuginfo-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"util-linux-debugsource-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"util-linux-lang-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"util-linux-systemd-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"util-linux-systemd-debuginfo-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"util-linux-systemd-debugsource-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"uuidd-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"uuidd-debuginfo-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libblkid-devel-32bit-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libblkid1-32bit-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libblkid1-debuginfo-32bit-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libmount-devel-32bit-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libmount1-32bit-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libmount1-debuginfo-32bit-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libuuid-devel-32bit-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libuuid1-32bit-2.25-21.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libuuid1-debuginfo-32bit-2.25-21.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-libmount / python-libmount-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libblkid-devel | p-cpe:/a:novell:opensuse:libblkid-devel |
| novell | opensuse | libblkid-devel-32bit | p-cpe:/a:novell:opensuse:libblkid-devel-32bit |
| novell | opensuse | libblkid1 | p-cpe:/a:novell:opensuse:libblkid1 |
| novell | opensuse | libblkid1-32bit | p-cpe:/a:novell:opensuse:libblkid1-32bit |
| novell | opensuse | libblkid1-debuginfo | p-cpe:/a:novell:opensuse:libblkid1-debuginfo |
| novell | opensuse | libblkid1-debuginfo-32bit | p-cpe:/a:novell:opensuse:libblkid1-debuginfo-32bit |
| novell | opensuse | libmount-devel | p-cpe:/a:novell:opensuse:libmount-devel |
| novell | opensuse | libmount-devel-32bit | p-cpe:/a:novell:opensuse:libmount-devel-32bit |
| novell | opensuse | libmount1 | p-cpe:/a:novell:opensuse:libmount1 |
| novell | opensuse | libmount1-32bit | p-cpe:/a:novell:opensuse:libmount1-32bit |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2616
bugzilla.opensuse.org/show_bug.cgi?id=1008965
bugzilla.opensuse.org/show_bug.cgi?id=1012504
bugzilla.opensuse.org/show_bug.cgi?id=1012632
bugzilla.opensuse.org/show_bug.cgi?id=1019332
bugzilla.opensuse.org/show_bug.cgi?id=1020077
bugzilla.opensuse.org/show_bug.cgi?id=1023041
Related
oraclelinux
oraclelinux
util-linux security and bug fix update
2017-04-12 00:00:00
coreutils security and bug fix update
2017-03-27 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2017-1084)
2020-01-23 00:00:00
CentOS Update for libblkid CESA-2017:0907 centos7
2017-04-14 00:00:00
Mageia: Security Advisory (MGASA-2017-0072)
2022-01-28 00:00:00
nessus
nessus
Amazon Linux AMI : util-linux (ALAS-2017-823)
2017-04-28 00:00:00
NewStart CGSL MAIN 4.05 : coreutils Vulnerability (NS-SA-2019-0107)
2019-08-12 00:00:00
RHEL 6 : coreutils (RHSA-2017:0654)
2017-03-22 00:00:00
alpinelinux
alpinelinux
CVE-2017-2616
2018-07-27 19:29:00
debian
debian
[SECURITY] [DLA 838-1] shadow security update
2017-02-26 23:29:19
[SECURITY] [DSA 3793-1] shadow security update
2017-02-24 19:00:46
[SECURITY] [DSA 3793-1] shadow security update
2017-02-24 19:00:46
redhatcve
redhatcve
CVE-2017-2616
2017-02-22 08:48:14
amazon
amazon
Medium: util-linux
2017-04-27 00:00:00
suse
suse
Security update for util-linux (important)
2017-03-02 15:14:19
Security update for util-linux (important)
2017-03-02 15:15:48
Security update for util-linux (important)
2017-02-23 12:12:16
osv
osv
shadow - security update
2017-02-26 00:00:00
CVE-2017-2616
2018-07-27 19:29:00
shadow - security update
2017-02-24 00:00:00
cve
cve
CVE-2017-2616
2018-07-27 19:29:00
nvd
nvd
CVE-2017-2616
2018-07-27 19:29:00
prion
prion
Race condition
2018-07-27 19:29:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:15:55
ibm
ibm
ubuntucve
ubuntucve
CVE-2017-2616
2017-02-22 00:00:00
redhat
redhat
(RHSA-2017:0654) Moderate: coreutils security and bug fix update
2017-03-21 06:17:45
(RHSA-2017:0907) Moderate: util-linux security and bug fix update
2017-04-12 10:02:50
centos
centos
libblkid, libmount, libuuid, util, uuidd security update
2017-04-13 10:59:33
coreutils security update
2017-03-24 15:28:29
cvelist
cvelist
CVE-2017-2616
2018-07-27 19:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: util-linux-2.28.2-2.fc24
2017-03-01 01:21:54
[SECURITY] Fedora 25 Update: util-linux-2.28.2-2.fc25
2017-02-24 22:51:44
mageia
mageia
Updated util-linux packages fix security vulnerability
2017-03-03 13:09:43
debiancve
debiancve
CVE-2017-2616
2018-07-27 19:29:00
ubuntu
ubuntu
shadow regression
2017-05-17 00:00:00
shadow vulnerabilities
2017-05-05 00:00:00
shadow vulnerability
2017-11-14 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0086
2020-05-07 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0086
2020-05-07 00:00:00
gentoo
gentoo
Shadow: Multiple vulnerabilities
2017-06-06 00:00:00
cloudfoundry
cloudfoundry
USN-3276-2: shadow regression | Cloud Foundry
2017-06-02 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1992
2021-07-02 18:18:58
CVSS2
4.7
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0
Percentile
5.1%
Related for OPENSUSE-2017-305.NASL