Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-2494.NASL
HistoryNov 13, 2019 - 12:00 a.m.

openSUSE Security Update : gdb (openSUSE-2019-2494)

2019-11-1300:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

JSON

This update for gdb fixes the following issues :

Update to gdb 8.3.1: (jsc#ECO-368)

Security issues fixed :

  • CVE-2019-1010180: Fixed a potential buffer overflow when loading ELF sections larger than the file. (bsc#1142772)

Upgrade libipt from v2.0 to v2.0.1.

  • Enable librpm for version > librpm.so.3 [bsc#1145692] :

  • Allow any librpm.so.x

  • Add %build test to check for ‘zypper install <rpm-packagename>’ message

  • Copy gdbinit from fedora master @ 25caf28. Add gdbinit.without-python, and use it for --without=python.

Rebase to 8.3 release (as in fedora 30 @ 1e222a3).

  • DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries.

  • Ada task switching is now supported on aarch64-elf targets when debugging a program using the Ravenscar Profile.

  • Terminal styling is now available for the CLI and the TUI.

  • Removed support for old demangling styles arm, edg, gnu, hp and lucid.

  • Support for new native configuration RISC-V GNU/Linux (riscv*--linux).

  • Implemented access to more POWER8 registers.
    [fate#326120, fate#325178]

  • Handle most of new s390 arch13 instructions.
    [fate#327369, jsc#ECO-368]

This update was imported from the SUSE:SLE-15-SP1:Update update project.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-2494.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('compat.inc');

if (description)
{
  script_id(130940);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2019-1010180");

  script_name(english:"openSUSE Security Update : gdb (openSUSE-2019-2494)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for gdb fixes the following issues :

Update to gdb 8.3.1: (jsc#ECO-368)

Security issues fixed :

  - CVE-2019-1010180: Fixed a potential buffer overflow when
    loading ELF sections larger than the file. (bsc#1142772)

Upgrade libipt from v2.0 to v2.0.1.

  - Enable librpm for version > librpm.so.3 [bsc#1145692] :

  - Allow any librpm.so.x

  - Add %build test to check for 'zypper install
    <rpm-packagename>' message

  - Copy gdbinit from fedora master @ 25caf28. Add
    gdbinit.without-python, and use it for --without=python.

Rebase to 8.3 release (as in fedora 30 @ 1e222a3).

  - DWARF index cache: GDB can now automatically save
    indices of DWARF symbols on disk to speed up further
    loading of the same binaries.

  - Ada task switching is now supported on aarch64-elf
    targets when debugging a program using the Ravenscar
    Profile.

  - Terminal styling is now available for the CLI and the
    TUI.

  - Removed support for old demangling styles arm, edg, gnu,
    hp and lucid.

  - Support for new native configuration RISC-V GNU/Linux
    (riscv*-*-linux*).

  - Implemented access to more POWER8 registers.
    [fate#326120, fate#325178]

  - Handle most of new s390 arch13 instructions.
    [fate#327369, jsc#ECO-368]

This update was imported from the SUSE:SLE-15-SP1:Update update
project.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1115034");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142772");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1145692");
  script_set_attribute(attribute:"see_also", value:"https://features.opensuse.org/325178");
  script_set_attribute(attribute:"see_also", value:"https://features.opensuse.org/326120");
  script_set_attribute(attribute:"see_also", value:"https://features.opensuse.org/327369");
  script_set_attribute(attribute:"solution", value:
"Update the affected gdb packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1010180");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdb-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdb-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdb-testresults");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdbserver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gdbserver-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"gdb-8.3.1-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"gdb-debuginfo-8.3.1-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"gdb-debugsource-8.3.1-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"gdb-testresults-8.3.1-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"gdbserver-8.3.1-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"gdbserver-debuginfo-8.3.1-lp151.4.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdb / gdb-debuginfo / gdb-debugsource / gdb-testresults / gdbserver / etc");
}
VendorProductVersionCPE
novellopensusegdbp-cpe:/a:novell:opensuse:gdb
novellopensusegdb-debuginfop-cpe:/a:novell:opensuse:gdb-debuginfo
novellopensusegdb-debugsourcep-cpe:/a:novell:opensuse:gdb-debugsource
novellopensusegdb-testresultsp-cpe:/a:novell:opensuse:gdb-testresults
novellopensusegdbserverp-cpe:/a:novell:opensuse:gdbserver
novellopensusegdbserver-debuginfop-cpe:/a:novell:opensuse:gdbserver-debuginfo
novellopensuse15.1cpe:/o:novell:opensuse:15.1

Related

gentoo 1
openvas 20
cve 1
nessus 27
cvelist 1
redhat 3
veracode 1
ubuntucve 1
redhatcve 1
debiancve 1
suse 4
nvd 1
rosalinux 2
mageia 1
cbl_mariner 1
oraclelinux 1
alpinelinux 1
prion 1
photon 6
ics 1
gentoo
gentoo
gdb: Buffer overflow
2020-03-15 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for crash (EulerOS-SA-2023-1378)
2023-02-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2916-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2902-1)
2021-06-09 00:00:00
cve
cve
CVE-2019-1010180
2019-07-24 13:15:10
nessus
nessus
CentOS 8 : gdb (CESA-2020:1635)
2021-02-01 00:00:00
Oracle Linux 8 : gdb (ELSA-2020-1635)
2023-09-07 00:00:00
SUSE SLED12 / SLES12 Security Update : gdb (SUSE-SU-2019:2916-1)
2019-11-08 00:00:00
cvelist
cvelist
CVE-2019-1010180
2019-07-24 12:01:08
redhat
redhat
(RHSA-2020:1635) Moderate: gdb security and bug fix update
2020-04-28 08:59:01
(RHSA-2020:3194) Important: Container-native Virtualization security, bug fix, and enhancement update
2020-07-28 18:02:45
(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update
2020-10-27 14:57:54
veracode
veracode
Denial Of Service (DoS)
2020-04-29 02:45:23
ubuntucve
ubuntucve
CVE-2019-1010180
2019-07-24 00:00:00
redhatcve
redhatcve
CVE-2019-1010180
2019-08-13 11:51:15
debiancve
debiancve
CVE-2019-1010180
2019-07-24 13:15:10
suse
suse
Security update for gdb (moderate)
2019-11-12 00:00:00
Security update for gdb (moderate)
2019-11-13 00:00:00
Security update for binutils (moderate)
2019-11-05 00:00:00
nvd
nvd
CVE-2019-1010180
2019-07-24 13:15:10
rosalinux
rosalinux
Advisory ROSA-SA-2023-2291
2023-11-07 10:01:07
Advisory ROSA-SA-2021-1839
2021-07-02 16:44:19
mageia
mageia
Updated gdb packages fix security vulnerability
2020-05-30 00:18:57
cbl_mariner
cbl_mariner
CVE-2019-1010180 affecting package gdb 8.3-4
2020-11-30 19:30:56
oraclelinux
oraclelinux
gdb security and bug fix update
2020-05-05 00:00:00
alpinelinux
alpinelinux
CVE-2019-1010180
2019-07-24 13:15:00
prion
prion
Buffer overflow
2019-07-24 13:15:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0225
2020-04-04 00:00:00
Important Photon OS Security Update - PHSA-2020-0225
2020-04-04 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0287
2020-04-04 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.8%

JSON
Related for OPENSUSE-2019-2494.NASL
gentoo1openvas20cve1nessus27cvelist1redhat3veracode1ubuntucve1redhatcve1debiancve1suse4nvd1rosalinux2mageia1cbl_mariner1oraclelinux1alpinelinux1prion1photon6ics1