Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.PHOTONOS_PHSA-2019-3_0-0022_BINUTILS.NASLHistoryJul 04, 2019 - 12:00 a.m.
Photon OS 3.0: Binutils PHSA-2019-3.0-0022
2019-07-0400:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.3%
An update of the binutils package has been released.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2019-3.0-0022. The text
# itself is copyright (C) VMware, Inc.
include('compat.inc');
if (description)
{
script_id(126474);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/10");
script_cve_id(
"CVE-2018-20623",
"CVE-2018-20651",
"CVE-2018-20671",
"CVE-2019-9071",
"CVE-2019-9073",
"CVE-2019-9074"
);
script_name(english:"Photon OS 3.0: Binutils PHSA-2019-3.0-0022");
script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"An update of the binutils package has been released.");
script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0022.md");
script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9074");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/31");
script_set_attribute(attribute:"patch_publication_date", value:"2019/06/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"PhotonOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");
if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
flag = 0;
if (rpm_check(release:"PhotonOS-3.0", reference:"binutils-2.31.1-5.ph3")) flag++;
if (rpm_check(release:"PhotonOS-3.0", reference:"binutils-debuginfo-2.31.1-5.ph3")) flag++;
if (rpm_check(release:"PhotonOS-3.0", reference:"binutils-devel-2.31.1-5.ph3")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20651
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9074
github.com/vmware/photon/wiki/Security-Updates-3.0-0022.md
Related
photon
photon
Moderate Photon OS Security Update - PHSA-2019-0022
2019-06-25 00:00:00
Moderate Photon OS Security Update - PHSA-2019-3.0-0022
2019-06-25 00:00:00
nessus
nessus
Photon OS 1.0: Binutils PHSA-2019-1.0-0242
2019-07-04 00:00:00
EulerOS 2.0 SP8 : binutils (EulerOS-SA-2019-1642)
2019-06-27 00:00:00
Photon OS 2.0: Binutils PHSA-2019-2.0-0164
2019-06-24 00:00:00
f5
f5
K38336243 : Binutils vulnerabilities CVE-2018-20623, CVE-2018-20651, and CVE-2018-20712
2019-03-25 00:00:00
K37121474 : Binutils vulnerability CVE-2019-9073
2019-05-23 00:00:00
K02884135 : Binutils vulnerability CVE-2019-9071
2019-05-23 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1642)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-2330)
2020-11-04 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1001)
2020-01-23 00:00:00
cve
cve
redhatcve
redhatcve
ubuntucve
ubuntucve
debiancve
debiancve
veracode
veracode
Denial Of Service (DoS)
2020-09-21 06:19:19
Use-after-free
2020-09-21 06:31:52
Denial Of Service (DoS)
2020-09-21 06:18:29
osv
osv
prion
prion
Null pointer dereference
2019-01-01 16:29:00
Design/Logic Flaw
2019-02-24 00:29:00
Integer overflow
2019-01-04 16:29:00
cvelist
cvelist
nvd
nvd
cbl_mariner
cbl_mariner
CVE-2019-9073 affecting package binutils 2.32-5
2020-11-30 19:30:57
CVE-2019-9071 affecting package binutils 2.32-5
2020-11-30 19:30:57
CVE-2019-9074 affecting package binutils 2.32-5
2020-11-30 19:30:57
ibm
ibm
Security Bulletin: A vulnerability in GNU Binutils may affect IBM Robotic Process Automation for Cloud Pak and result in a denial of service (CVE-2019-9074).
2024-01-03 21:45:52
kitploit
kitploit
UAFuzz - Binary-level Directed Fuzzing For Use-After-Free Vulnerabilities
2020-11-24 20:30:00
gentoo
gentoo
Binutils: Multiple vulnerabilities
2021-07-10 00:00:00
Binutils: Multiple vulnerabilities
2019-08-03 00:00:00
cloudfoundry
cloudfoundry
USN-4336-1: GNU binutils vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
ubuntu
ubuntu
GNU binutils vulnerabilities
2020-04-22 00:00:00
GNU binutils vulnerabilities
2023-10-04 00:00:00
libiberty vulnerabilities
2020-04-08 00:00:00
suse
suse
Security update for binutils (moderate)
2019-10-30 00:00:00
Security update for binutils (moderate)
2019-11-05 00:00:00
Security update for binutils (moderate)
2020-10-31 00:00:00
cloudlinux
cloudlinux
Fix of 36 CVEs
2021-12-27 16:08:07
rosalinux
rosalinux
Advisory ROSA-SA-2021-1808
2021-07-02 16:33:56
mageia
mageia
Updated binutils packages fixes security vulnerabilities
2019-05-12 23:58:05
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7.1 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.3%
Related for PHOTONOS_PHSA-2019-3_0-0022_BINUTILS.NASL