Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2020-102.NASLHistoryJan 27, 2020 - 12:00 a.m.
openSUSE Security Update : libssh (openSUSE-2020-102)
2020-01-2700:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.7%
This update for libssh fixes the following issues :
- CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-102.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('compat.inc');
if (description)
{
script_id(133251);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/28");
script_cve_id("CVE-2019-14889");
script_xref(name:"IAVA", value:"2020-A-0203");
script_name(english:"openSUSE Security Update : libssh (openSUSE-2020-102)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for libssh fixes the following issues :
- CVE-2019-14889: Fixed an unwanted command execution in
scp caused by unsanitized location (bsc#1158095).
This update was imported from the SUSE:SLE-15-SP1:Update update
project.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158095");
script_set_attribute(attribute:"solution", value:
"Update the affected libssh packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14889");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh4");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh4-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh4-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libssh4-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.1", reference:"libssh-debugsource-0.8.7-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libssh-devel-0.8.7-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libssh4-0.8.7-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libssh4-debuginfo-0.8.7-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libssh4-32bit-0.8.7-lp151.2.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libssh4-32bit-debuginfo-0.8.7-lp151.2.9.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libssh-debugsource / libssh-devel / libssh4 / libssh4-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libssh-debugsource | p-cpe:/a:novell:opensuse:libssh-debugsource |
| novell | opensuse | libssh-devel | p-cpe:/a:novell:opensuse:libssh-devel |
| novell | opensuse | libssh4 | p-cpe:/a:novell:opensuse:libssh4 |
| novell | opensuse | libssh4-32bit | p-cpe:/a:novell:opensuse:libssh4-32bit |
| novell | opensuse | libssh4-32bit-debuginfo | p-cpe:/a:novell:opensuse:libssh4-32bit-debuginfo |
| novell | opensuse | libssh4-debuginfo | p-cpe:/a:novell:opensuse:libssh4-debuginfo |
| novell | opensuse | 15.1 | cpe:/o:novell:opensuse:15.1 |
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : libssh (SUSE-SU-2020:0129-1)
2020-01-21 00:00:00
GLSA-202003-27 : libssh: Arbitrary command execution
2020-03-16 00:00:00
SUSE SLED12 / SLES12 Security Update : libssh (SUSE-SU-2020:0139-1)
2020-01-21 00:00:00
suse
suse
Security update for libssh (important)
2020-01-25 00:00:00
Security update for libssh (important)
2019-12-17 00:00:00
openvas
openvas
openSUSE: Security Advisory for libssh (openSUSE-SU-2020:0102_1)
2020-01-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0131-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0130-1)
2021-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2019-14889
2019-12-10 00:00:00
mageia
mageia
Updated libssh packages fix security vulnerability
2019-12-19 16:44:26
alpinelinux
alpinelinux
CVE-2019-14889
2019-12-10 23:15:10
debian
debian
[SECURITY] [DLA 2038-1] libssh security update
2019-12-17 12:42:41
[SECURITY] [DLA 3437-1] libssh security update
2023-05-29 22:01:33
fedora
fedora
[SECURITY] Fedora 31 Update: libssh-0.9.3-1.fc31
2019-12-18 01:56:36
[SECURITY] Fedora 30 Update: libssh-0.9.3-1.fc30
2020-01-03 20:36:26
osv
osv
CVE-2019-14889
2019-12-10 23:15:10
libssh - security update
2019-12-17 00:00:00
libssh - security update
2023-05-29 00:00:00
nvd
nvd
CVE-2019-14889
2019-12-10 23:15:10
gentoo
gentoo
libssh: Arbitrary command execution
2020-03-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libssh version 0.8.8-alt1
2020-03-13 00:00:00
Security fix for the ALT Linux 9 package libssh version 0.9.3-alt1
2019-12-14 00:00:00
redhatcve
redhatcve
CVE-2019-14889
2020-04-07 17:03:58
freebsd
freebsd
veracode
veracode
Arbitrary Code Execution
2019-12-11 04:07:33
ubuntu
ubuntu
libssh vulnerability
2019-12-10 00:00:00
cve
cve
CVE-2019-14889
2019-12-10 23:15:10
prion
prion
Command injection
2019-12-10 23:15:00
debiancve
debiancve
CVE-2019-14889
2019-12-10 23:15:10
cvelist
cvelist
CVE-2019-14889
2019-12-10 00:00:00
rocky
rocky
libssh security, bug fix, and enhancement update
2020-11-03 12:14:19
almalinux
almalinux
Moderate: libssh security, bug fix, and enhancement update
2020-11-03 12:14:19
redhat
redhat
(RHSA-2020:4545) Moderate: libssh security, bug fix, and enhancement update
2020-11-03 12:14:19
(RHSA-2021:2021) Moderate: Release of OpenShift Serverless 1.10.2 security update
2021-05-19 02:03:59
(RHSA-2021:0146) Moderate: Release of OpenShift Serverless 1.12.0
2021-01-14 13:24:22
oraclelinux
oraclelinux
libssh security, bug fix, and enhancement update
2020-11-10 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - April 2020
2020-04-14 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.7%
Related for OPENSUSE-2020-102.NASL