CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
96.8%
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0258-2 advisory.
- Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2024:0258-2. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(206193);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/30");
script_cve_id(
"CVE-2024-7964",
"CVE-2024-7965",
"CVE-2024-7966",
"CVE-2024-7967",
"CVE-2024-7968",
"CVE-2024-7969",
"CVE-2024-7971",
"CVE-2024-7972",
"CVE-2024-7973",
"CVE-2024-7974",
"CVE-2024-7975",
"CVE-2024-7976",
"CVE-2024-7977",
"CVE-2024-7978",
"CVE-2024-7979",
"CVE-2024-7980",
"CVE-2024-7981",
"CVE-2024-8033",
"CVE-2024-8034",
"CVE-2024-8035"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/09/18");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/09/16");
script_name(english:"openSUSE 15 Security Update : chromium (openSUSE-SU-2024:0258-2)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the
openSUSE-SU-2024:0258-2 advisory.
- Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1229426");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1229591");
# https://lists.opensuse.org/archives/list/[email protected]/thread/G5G3DFUIZH3E3T5UIPSI3LSGCI5KE3NF/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5ca3ce7e");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7964");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7965");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7966");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7967");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7968");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7969");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7971");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7972");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7973");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7974");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7975");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7976");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7977");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7978");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7979");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7980");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-7981");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-8033");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-8034");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-8035");
script_set_attribute(attribute:"solution", value:
"Update the affected chromedriver and / or chromium packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-7974");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/21");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromedriver");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:chromium");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/SuSE/release');
if (isnull(os_release) || os_release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var _os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:os_release);
if (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
_os_ver = _os_ver[1];
if (os_release !~ "^(SUSE15\.5|SUSE15\.6)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.5 / 15.6', os_release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);
var pkgs = [
{'reference':'chromedriver-128.0.6613.84-bp156.2.17.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromedriver-128.0.6613.84-bp156.2.17.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromedriver-128.0.6613.84-bp156.2.17.1', 'cpu':'aarch64', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromedriver-128.0.6613.84-bp156.2.17.1', 'cpu':'x86_64', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromium-128.0.6613.84-bp156.2.17.1', 'cpu':'aarch64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromium-128.0.6613.84-bp156.2.17.1', 'cpu':'x86_64', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromium-128.0.6613.84-bp156.2.17.1', 'cpu':'aarch64', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'chromium-128.0.6613.84-bp156.2.17.1', 'cpu':'x86_64', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var _cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (rpm_check(release:_release, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromedriver / chromium');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7969
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7975
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7979
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7980
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8035
www.nessus.org/u?5ca3ce7e
bugzilla.suse.com/1229426
bugzilla.suse.com/1229591
www.suse.com/security/cve/CVE-2024-7964
www.suse.com/security/cve/CVE-2024-7965
www.suse.com/security/cve/CVE-2024-7966
www.suse.com/security/cve/CVE-2024-7967
www.suse.com/security/cve/CVE-2024-7968
www.suse.com/security/cve/CVE-2024-7969
www.suse.com/security/cve/CVE-2024-7971
www.suse.com/security/cve/CVE-2024-7972
www.suse.com/security/cve/CVE-2024-7973
www.suse.com/security/cve/CVE-2024-7974
www.suse.com/security/cve/CVE-2024-7975
www.suse.com/security/cve/CVE-2024-7976
www.suse.com/security/cve/CVE-2024-7977
www.suse.com/security/cve/CVE-2024-7978
www.suse.com/security/cve/CVE-2024-7979
www.suse.com/security/cve/CVE-2024-7980
www.suse.com/security/cve/CVE-2024-7981
www.suse.com/security/cve/CVE-2024-8033
www.suse.com/security/cve/CVE-2024-8034
www.suse.com/security/cve/CVE-2024-8035
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
96.8%