Lucene search
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLEVM_OVMSA-2016-0048.NASLHistoryMay 16, 2016 - 12:00 a.m.
OracleVM 3.3 / 3.4 : openssh (OVMSA-2016-0048)
2016-05-1600:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS
0.017
Percentile
87.9%
The remote OracleVM system is missing necessary patches to address critical security updates :
-
CVE-2016-3115: missing sanitisation of input for X11 forwarding (#1317817)
-
Restore functionallity of pam_ssh_agent_auth in FIPS mode (#1278315)
-
Initialize devices_done variable for challenge response (#1281468)
-
Update behaviour of X11 forwarding to match upstream (#1299048)
-
Ammends previous release, fixing typos and behaviour changes
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from OracleVM
# Security Advisory OVMSA-2016-0048.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(91153);
script_version("2.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2016-3115");
script_name(english:"OracleVM 3.3 / 3.4 : openssh (OVMSA-2016-0048)");
script_summary(english:"Checks the RPM output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote OracleVM host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The remote OracleVM system is missing necessary patches to address
critical security updates :
- CVE-2016-3115: missing sanitisation of input for X11
forwarding (#1317817)
- Restore functionallity of pam_ssh_agent_auth in FIPS
mode (#1278315)
- Initialize devices_done variable for challenge response
(#1281468)
- Update behaviour of X11 forwarding to match upstream
(#1299048)
- Ammends previous release, fixing typos and behaviour
changes"
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000462.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000461.html"
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected openssh / openssh-clients / openssh-server
packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssh-clients");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:openssh-server");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/22");
script_set_attribute(attribute:"patch_publication_date", value:"2016/05/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/16");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"OracleVM Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/OracleVM/release");
if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
if (! preg(pattern:"^OVS" + "(3\.3|3\.4)" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3 / 3.4", "OracleVM " + release);
if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"OVS3.3", reference:"openssh-5.3p1-117.el6")) flag++;
if (rpm_check(release:"OVS3.3", reference:"openssh-clients-5.3p1-117.el6")) flag++;
if (rpm_check(release:"OVS3.3", reference:"openssh-server-5.3p1-117.el6")) flag++;
if (rpm_check(release:"OVS3.4", reference:"openssh-5.3p1-117.el6")) flag++;
if (rpm_check(release:"OVS3.4", reference:"openssh-clients-5.3p1-117.el6")) flag++;
if (rpm_check(release:"OVS3.4", reference:"openssh-server-5.3p1-117.el6")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssh / openssh-clients / openssh-server");
}
Related
fedora
fedora
[SECURITY] Fedora 22 Update: openssh-6.9p1-11.fc22
2016-03-29 19:23:45
[SECURITY] Fedora 24 Update: gsi-openssh-7.2p2-2.fc24
2016-05-07 13:36:50
[SECURITY] Fedora 23 Update: openssh-7.2p2-1.fc23
2016-03-13 23:57:13
nessus
nessus
Fedora 24 : gsi-openssh-7.2p2-2.fc24 (2016-08e5803496)
2016-05-09 00:00:00
Fedora 22 : openssh-6.9p1-11.fc22 (2016-d339d610c1)
2016-04-01 00:00:00
Fedora 23 : openssh-7.2p2-1.fc23 (2016-bb59db3c86)
2016-03-14 00:00:00
freebsd
freebsd
openssh -- command injection when X11Forwarding is enabled
2016-03-11 00:00:00
f5
f5
K93532943 : SSHD session.c vulnerability CVE-2016-3115
2016-04-27 00:00:00
SOL93532943 - SSHD session.c vulnerability CVE-2016-3115
2016-04-27 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssh version 6.7p1-alt1.M70P.2
2016-03-14 00:00:00
Security fix for the ALT Linux 6 package openssh version 6.7p1-alt1.M60P.2
2016-03-14 00:00:00
seebug
seebug
OpenSSH <=7.2p1 xauth injection
2016-03-16 00:00:00
exploitdb
exploitdb
BlackStratus LOGStorm 4.5.1.35/4.5.1.96 - Remote Code Execution
2016-12-04 00:00:00
OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
2016-03-16 00:00:00
DropBearSSHD 2015.71 - Command Injection
2016-03-03 00:00:00
nvd
nvd
CVE-2016-3115
2016-03-22 10:59:02
veracode
veracode
CRLF Injection
2019-05-02 05:27:51
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0108)
2016-03-14 00:00:00
OpenSSH <= 7.2p1 - Xauth Injection
2016-03-21 00:00:00
Fedora Update for openssh FEDORA-2016-0
2016-04-11 00:00:00
cvelist
cvelist
CVE-2016-3115
2016-03-22 10:00:00
cve
cve
CVE-2016-3115
2016-03-22 10:59:02
prion
prion
Crlf injection
2016-03-22 10:59:00
mageia
mageia
Updated openssh packages fix security vulnerability
2016-03-11 02:37:43
archlinux
archlinux
openssh: command injection
2016-03-11 00:00:00
packetstorm
packetstorm
BlackStratus LOGStorm 4.5.1.35 / 4.5.1.96 Remote Root
2016-12-05 00:00:00
OpenSSH 7.2p1 xauth Command Injection / Bypass
2016-03-15 00:00:00
exploitpack
exploitpack
OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
2016-03-16 00:00:00
BlackStratus LOGStorm 4.5.1.354.5.1.96 - Remote Code Execution
2016-12-04 00:00:00
DropBearSSHD 2015.71 - Command Injection
2016-03-03 00:00:00
slackware
slackware
[slackware-security] openssh
2016-03-11 01:32:41
debiancve
debiancve
CVE-2016-3115
2016-03-22 10:59:02
threatpost
threatpost
ubuntucve
ubuntucve
CVE-2016-3115
2016-03-22 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:14.openssh
2016-03-16 00:00:00
amazon
amazon
Medium: openssh
2016-03-16 16:30:00
redhat
redhat
(RHSA-2016:0465) Moderate: openssh security update
2016-03-21 20:03:21
(RHSA-2016:0466) Moderate: openssh security update
2016-03-21 00:00:00
centos
centos
openssh, pam_ssh_agent_auth security update
2016-03-21 22:18:29
openssh, pam_ssh_agent_auth security update
2016-03-21 22:38:14
aix
aix
Vulnerabilities in OpenSSH affect AIX
2016-05-03 10:03:39
oraclelinux
oraclelinux
openssh security update
2016-03-21 00:00:00
openssh security update
2016-03-21 00:00:00
openssh security update
2016-04-03 00:00:00
symantec
symantec
SA121 : OpenSSH Shell Command Restriction Bypass
2016-04-28 08:00:00
ibm
ibm
cloudfoundry
cloudfoundry
USN-2966-1 OpenSSH vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
ubuntu
ubuntu
OpenSSH vulnerabilities
2016-05-09 00:00:00
gentoo
gentoo
OpenSSH: Multiple vulnerabilities
2016-12-07 00:00:00
osv
osv
openssh - security update
2018-09-10 00:00:00
debian
debian
[SECURITY] [DLA 1500-1] openssh security update
2018-09-10 08:44:17
githubexploit
githubexploit
Exploit for Signal Handler Race Condition in Openbsd Openssh
2024-07-01 20:45:53
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS3
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS
0.017
Percentile
87.9%
Related for ORACLEVM_OVMSA-2016-0048.NASL