Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2020-506.NASLHistoryApr 14, 2020 - 12:00 a.m.
openSUSE Security Update : mgetty (openSUSE-2020-506)
2020-04-1400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
26.2%
This update for mgetty fixes the following issues :
-
CVE-2019-1010190: Fixed a denial of service which could be caused by a local attacker in putwhitespan() (bsc#1142770).
-
Fixed a permission issue which have resulted in build failures (bsc#1168170).
This update was imported from the SUSE:SLE-15:Update update project.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-506.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('compat.inc');
if (description)
{
script_id(135450);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/19");
script_cve_id("CVE-2019-1010190");
script_name(english:"openSUSE Security Update : mgetty (openSUSE-2020-506)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for mgetty fixes the following issues :
- CVE-2019-1010190: Fixed a denial of service which could
be caused by a local attacker in putwhitespan()
(bsc#1142770).
- Fixed a permission issue which have resulted in build
failures (bsc#1168170).
This update was imported from the SUSE:SLE-15:Update update project.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1142770");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1168170");
script_set_attribute(attribute:"solution", value:
"Update the affected mgetty packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1010190");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/24");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:g3utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:g3utils-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mgetty");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mgetty-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mgetty-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sendfax");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sendfax-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.1", reference:"g3utils-1.1.37-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"g3utils-debuginfo-1.1.37-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mgetty-1.1.37-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mgetty-debuginfo-1.1.37-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"mgetty-debugsource-1.1.37-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"sendfax-1.1.37-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"sendfax-debuginfo-1.1.37-lp151.4.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "g3utils / g3utils-debuginfo / mgetty / mgetty-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | g3utils | p-cpe:/a:novell:opensuse:g3utils |
| novell | opensuse | g3utils-debuginfo | p-cpe:/a:novell:opensuse:g3utils-debuginfo |
| novell | opensuse | mgetty | p-cpe:/a:novell:opensuse:mgetty |
| novell | opensuse | mgetty-debuginfo | p-cpe:/a:novell:opensuse:mgetty-debuginfo |
| novell | opensuse | mgetty-debugsource | p-cpe:/a:novell:opensuse:mgetty-debugsource |
| novell | opensuse | sendfax | p-cpe:/a:novell:opensuse:sendfax |
| novell | opensuse | sendfax-debuginfo | p-cpe:/a:novell:opensuse:sendfax-debuginfo |
| novell | opensuse | 15.1 | cpe:/o:novell:opensuse:15.1 |
Related
nessus
nessus
EulerOS 2.0 SP2 : mgetty (EulerOS-SA-2021-2408)
2021-09-14 00:00:00
EulerOS 2.0 SP5 : mgetty (EulerOS-SA-2021-1689)
2021-03-24 00:00:00
SUSE SLES12 Security Update : mgetty (SUSE-SU-2020:0853-1)
2020-04-03 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for mgetty (EulerOS-SA-2021-1818)
2021-05-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0957-1)
2021-06-09 00:00:00
Huawei EulerOS: Security Advisory for mgetty (EulerOS-SA-2021-2408)
2021-09-15 00:00:00
cvelist
cvelist
CVE-2019-1010190
2019-07-24 12:11:58
suse
suse
Security update for mgetty (moderate)
2020-04-12 00:00:00
prion
prion
Design/Logic Flaw
2019-07-24 13:15:00
redhatcve
redhatcve
CVE-2019-1010190
2019-08-13 06:21:31
debiancve
debiancve
CVE-2019-1010190
2019-07-24 13:15:11
nvd
nvd
CVE-2019-1010190
2019-07-24 13:15:11
cve
cve
CVE-2019-1010190
2019-07-24 13:15:11
ubuntucve
ubuntucve
CVE-2019-1010190
2019-07-24 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1919
2021-07-02 17:29:39
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
26.2%
Related for OPENSUSE-2020-506.NASL