Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20201001_GLIB2_AND_IBUS_ON_SL7_X.NASL
HistoryOct 21, 2020 - 12:00 a.m.

Scientific Linux Security Update : glib2 and ibus on SL7.x x86_64 (20201001)

2020-10-2100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

Security Fix(es) :

  • glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450)

  • ibus: missing authorization allows local attacker to access the input bus of another user (CVE-2019-14822)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('compat.inc');

if (description)
{
  script_id(141664);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/14");

  script_cve_id("CVE-2019-12450", "CVE-2019-14822");

  script_name(english:"Scientific Linux Security Update : glib2 and ibus on SL7.x x86_64 (20201001)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
  script_set_attribute(attribute:"description", value:
"Security Fix(es) :

  - glib2: file_copy_fallback in gio/gfile.c in GNOME GLib
    does not properly restrict file permissions while a copy
    operation is in progress (CVE-2019-12450)

  - ibus: missing authorization allows local attacker to
    access the input bus of another user (CVE-2019-14822)");
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=21267
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e805c554");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12450");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glib2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glib2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glib2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glib2-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glib2-fam");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glib2-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glib2-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibus");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibus-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibus-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibus-devel-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibus-gtk2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibus-gtk3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibus-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibus-pygtk2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:ibus-setup");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Scientific Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glib2-2.56.1-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glib2-debuginfo-2.56.1-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glib2-devel-2.56.1-7.el7")) flag++;
if (rpm_check(release:"SL7", reference:"glib2-doc-2.56.1-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glib2-fam-2.56.1-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glib2-static-2.56.1-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glib2-tests-2.56.1-7.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ibus-1.5.17-11.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ibus-debuginfo-1.5.17-11.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ibus-devel-1.5.17-11.el7")) flag++;
if (rpm_check(release:"SL7", reference:"ibus-devel-docs-1.5.17-11.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ibus-gtk2-1.5.17-11.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ibus-gtk3-1.5.17-11.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ibus-libs-1.5.17-11.el7")) flag++;
if (rpm_check(release:"SL7", reference:"ibus-pygtk2-1.5.17-11.el7")) flag++;
if (rpm_check(release:"SL7", reference:"ibus-setup-1.5.17-11.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"ibus-setup-1.5.17-11.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glib2 / glib2-debuginfo / glib2-devel / glib2-doc / glib2-fam / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxglib2p-cpe:/a:fermilab:scientific_linux:glib2
fermilabscientific_linuxglib2-debuginfop-cpe:/a:fermilab:scientific_linux:glib2-debuginfo
fermilabscientific_linuxglib2-develp-cpe:/a:fermilab:scientific_linux:glib2-devel
fermilabscientific_linuxglib2-docp-cpe:/a:fermilab:scientific_linux:glib2-doc
fermilabscientific_linuxglib2-famp-cpe:/a:fermilab:scientific_linux:glib2-fam
fermilabscientific_linuxibus-setupp-cpe:/a:fermilab:scientific_linux:ibus-setup
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux
fermilabscientific_linuxglib2-staticp-cpe:/a:fermilab:scientific_linux:glib2-static
fermilabscientific_linuxglib2-testsp-cpe:/a:fermilab:scientific_linux:glib2-tests
fermilabscientific_linuxibusp-cpe:/a:fermilab:scientific_linux:ibus
Rows per page:
1-10 of 171

Related

oraclelinux 3
nessus 65
redhat 9
centos 1
openvas 38
cvelist 3
redhatcve 3
ubuntu 4
debian 4
suse 3
fedora 4
mageia 2
almalinux 1
osv 6
cve 3
debiancve 3
prion 3
ubuntucve 3
cbl_mariner 2
nvd 3
f5 2
amazon 5
veracode 2
cloudfoundry 1
ibm 5
alpinelinux 1
photon 6
oracle 1
oraclelinux
oraclelinux
glib2 and ibus security and bug fix update
2020-10-06 00:00:00
glib2 security, bug fix, and enhancement update
2019-11-14 00:00:00
ibus and glib2 security and bug fix update
2020-05-05 00:00:00
nessus
nessus
Oracle Linux 7 : glib2 / and / ibus (ELSA-2020-3978)
2020-10-07 00:00:00
CentOS 7 : glib2 and ibus (CESA-2020:3978)
2020-10-20 00:00:00
RHEL 7 : glib2 and ibus (RHSA-2020:3978)
2020-09-29 00:00:00
redhat
redhat
(RHSA-2020:3978) Moderate: glib2 and ibus security and bug fix update
2020-09-29 07:48:16
(RHSA-2020:1880) Moderate: ibus and glib2 security and bug fix update
2020-04-28 09:26:53
(RHSA-2019:3530) Moderate: glib2 security, bug fix, and enhancement update
2019-11-05 17:56:44
centos
centos
glib2, ibus security update
2020-10-20 18:07:15
openvas
openvas
Huawei EulerOS: Security Advisory for ibus (EulerOS-SA-2020-1855)
2020-08-31 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2389-1)
2021-04-19 00:00:00
Fedora Update for ibus FEDORA-2019-5bf13218a5
2019-10-01 00:00:00
cvelist
cvelist
CVE-2019-14822
2019-11-25 11:01:18
CVE-2019-12450
2019-05-29 16:16:14
CVE-2019-13012
2019-06-28 14:07:42
redhatcve
redhatcve
CVE-2019-14822
2019-09-13 07:51:28
CVE-2019-12450
2019-12-29 21:44:45
CVE-2019-13012
2019-07-10 10:51:48
ubuntu
ubuntu
IBus vulnerability
2019-09-16 00:00:00
IBus vulnerability
2020-03-24 00:00:00
GLib vulnerability
2019-06-10 00:00:00
debian
debian
[SECURITY] [DSA 4525-1] ibus security update
2019-09-18 21:02:42
[SECURITY] [DLA 1826-1] glib2.0 security update
2019-06-18 20:47:44
[SECURITY] [DSA 4525-1] ibus security update
2019-09-18 21:02:42
suse
suse
Security update for ibus (important)
2019-09-26 00:00:00
Security update for ibus (important)
2019-09-24 00:00:00
Security update for glib2 (important)
2019-06-27 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: ibus-1.5.21-2.fc31
2019-09-18 00:07:07
[SECURITY] Fedora 29 Update: ibus-1.5.19-17.fc29
2019-09-29 02:22:59
[SECURITY] Fedora 30 Update: ibus-1.5.20-5.fc30
2019-09-25 01:08:28
mageia
mageia
Updated ibus packages fix security vulnerability
2019-09-21 14:07:28
Updated glib2.0 packages fix security vulnerability
2019-11-30 16:06:06
almalinux
almalinux
Moderate: ibus and glib2 security and bug fix update
2020-04-28 09:26:53
osv
osv
CVE-2019-14822
2019-11-25 12:15:11
ibus - security update
2019-09-18 00:00:00
CVE-2019-12450
2019-05-29 17:29:00
cve
cve
CVE-2019-14822
2019-11-25 12:15:11
CVE-2019-12450
2019-05-29 17:29:00
CVE-2019-13012
2019-06-28 15:15:10
debiancve
debiancve
CVE-2019-14822
2019-11-25 12:15:11
CVE-2019-12450
2019-05-29 17:29:00
CVE-2019-13012
2019-06-28 15:15:10
prion
prion
Input validation
2019-11-25 12:15:00
Default credentials
2019-05-29 17:29:00
Null pointer dereference
2019-06-28 15:15:00
ubuntucve
ubuntucve
CVE-2019-12450
2019-05-29 00:00:00
CVE-2019-14822
2019-09-13 00:00:00
CVE-2019-13012
2019-06-28 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-12450 affecting package glib 2.58.0-10
2020-09-09 06:09:08
CVE-2019-12450 affecting package glib for versions less than 2.60.1-5
2022-04-09 06:51:45
nvd
nvd
CVE-2019-14822
2019-11-25 12:15:11
CVE-2019-12450
2019-05-29 17:29:00
CVE-2019-13012
2019-06-28 15:15:10
f5
f5
K70949911 : Glib vulnerability CVE-2019-14822
2022-08-26 00:00:00
K18407453 : Glib vulnerabilities CVE-2018-10767, CVE-2019-12450, and CVE-2019-19126
2022-04-25 00:00:00
amazon
amazon
Medium: ibus
2020-11-09 17:10:00
Medium: glib2
2020-11-09 17:10:00
Medium: glib2
2019-08-07 23:00:00
veracode
veracode
Insecure Access Controls
2020-10-01 03:51:33
Insecure File Permissions
2019-11-06 00:21:01
cloudfoundry
cloudfoundry
USN-4014-1: GLib vulnerability | Cloud Foundry
2019-06-18 00:00:00
ibm
ibm
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2019-12450)
2021-08-04 17:37:31
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2019-12450)
2021-08-04 17:56:39
Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2021-02-02 22:11:04
alpinelinux
alpinelinux
CVE-2019-12450
2019-05-29 17:29:00
photon
photon
Critical Photon OS Security Update - PHSA-2019-0018
2019-06-12 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0018
2019-06-12 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0237
2019-06-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON
Related for SL_20201001_GLIB2_AND_IBUS_ON_SL7_X.NASL
oraclelinux3nessus65redhat9centos1openvas38cvelist3redhatcve3ubuntu4debian4suse3fedora4mageia2almalinux1osv6cve3debiancve3prion3ubuntucve3cbl_mariner2nvd3f52amazon5veracode2cloudfoundry1ibm5alpinelinux1photon6oracle1