Lucene search
Copyright (C) 2020 Greenbone AGOPENVAS:1361412562310844528HistoryAug 05, 2020 - 12:00 a.m.
Ubuntu: Security Advisory (USN-4450-1)
2020-08-0500:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
8
ubuntu
security
advisory
usn-4450-1
whoopsie
memory
denial of service
parsing files
execute arbitrary code
update package.
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
54.0%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.844528");
script_cve_id("CVE-2020-11937", "CVE-2020-12135", "CVE-2020-15570");
script_tag(name:"creation_date", value:"2020-08-05 03:00:35 +0000 (Wed, 05 Aug 2020)");
script_version("2024-02-02T05:06:07+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-07-10 20:07:10 +0000 (Fri, 10 Jul 2020)");
script_name("Ubuntu: Security Advisory (USN-4450-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|20\.04\ LTS)");
script_xref(name:"Advisory-ID", value:"USN-4450-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-4450-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'whoopsie' package(s) announced via the USN-4450-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A
local attacker could use this issue to cause Whoopsie to consume memory,
resulting in a denial of service. (CVE-2020-11937)
Seong-Joong Kim discovered that Whoopsie incorrectly handled parsing files.
A local attacker could use this issue to cause Whoopsie to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2020-12135)
Seong-Joong Kim discovered that Whoopsie incorrectly handled memory. A
local attacker could use this issue to cause Whoopsie to consume memory,
resulting in a denial of service. (CVE-2020-15570)");
script_tag(name:"affected", value:"'whoopsie' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU16.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"libwhoopsie0", ver:"0.2.52.5ubuntu0.5", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"whoopsie", ver:"0.2.52.5ubuntu0.5", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU18.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"libwhoopsie0", ver:"0.2.62ubuntu0.5", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"whoopsie", ver:"0.2.62ubuntu0.5", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU20.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"libwhoopsie0", ver:"0.2.69ubuntu0.1", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"whoopsie", ver:"0.2.69ubuntu0.1", rls:"UBUNTU20.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
ubuntu
ubuntu
Whoopsie vulnerabilities
2020-08-04 00:00:00
nessus
nessus
cve
cve
cvelist
cvelist
CVE-2020-15570
2020-07-06 13:59:15
CVE-2020-11937 Resource exhaustion vulnerability in whoopsie
2020-08-06 22:50:21
CVE-2020-12135
2020-04-24 00:31:51
prion
prion
Memory corruption
2020-07-06 14:15:00
Memory corruption
2020-08-06 23:15:00
Integer overflow
2020-04-24 01:15:00
nvd
nvd
ubuntucve
ubuntucve
redhatcve
redhatcve
CVE-2020-12135
2020-05-12 10:35:56
debiancve
debiancve
CVE-2020-12135
2020-04-24 01:15:11
osv
osv
CVE-2020-12135
2020-04-24 01:15:11
veracode
veracode
Integer Overflows
2020-09-21 06:36:06
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
7.1
Confidence
Low
EPSS
0.002
Percentile
54.0%
Related for OPENVAS:1361412562310844528