7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.018 Low
EPSS
Percentile
88.2%
Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or in certain cases crash the application.
(CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500 CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)
The desktop must be restarted (log out, then log back in) for this update to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(87235);
script_version("2.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2015-5312", "CVE-2015-7497", "CVE-2015-7498", "CVE-2015-7499", "CVE-2015-7500", "CVE-2015-7941", "CVE-2015-7942", "CVE-2015-8241", "CVE-2015-8242", "CVE-2015-8317");
script_name(english:"Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 (20151207)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Several denial of service flaws were found in libxml2, a library
providing support for reading, modifying, and writing XML and HTML
files. A remote attacker could provide a specially crafted XML or HTML
file that, when processed by an application using libxml2, would cause
that application to use an excessive amount of CPU, leak potentially
sensitive information, or in certain cases crash the application.
(CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499,
CVE-2015-7500 CVE-2015-7941, CVE-2015-7942, CVE-2015-8241,
CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)
The desktop must be restarted (log out, then log back in) for this
update to take effect."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1213957"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1281955"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1512&L=scientific-linux-errata&F=&S=&P=79
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?06aa91f1"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5312");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-python");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:libxml2-static");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2015/12/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/08");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL6", reference:"libxml2-2.7.6-20.el6_7.1", el_string:"el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"libxml2-debuginfo-2.7.6-20.el6_7.1", el_string:"el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"libxml2-devel-2.7.6-20.el6_7.1", el_string:"el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"libxml2-python-2.7.6-20.el6_7.1", el_string:"el6_7")) flag++;
if (rpm_check(release:"SL6", reference:"libxml2-static-2.7.6-20.el6_7.1", el_string:"el6_7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux | |
fermilab | scientific_linux | libxml2-static | p-cpe:/a:fermilab:scientific_linux:libxml2-static |
fermilab | scientific_linux | libxml2-devel | p-cpe:/a:fermilab:scientific_linux:libxml2-devel |
fermilab | scientific_linux | libxml2 | p-cpe:/a:fermilab:scientific_linux:libxml2 |
fermilab | scientific_linux | libxml2-debuginfo | p-cpe:/a:fermilab:scientific_linux:libxml2-debuginfo |
fermilab | scientific_linux | libxml2-python | p-cpe:/a:fermilab:scientific_linux:libxml2-python |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
www.nessus.org/u?06aa91f1
bugzilla.redhat.com/show_bug.cgi?id=1213957
bugzilla.redhat.com/show_bug.cgi?id=1281955