Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2022 Greenbone AGOPENVAS:13614125623114202237911
HistoryOct 28, 2022 - 12:00 a.m.

SUSE: Security Advisory (SUSE-SU-2022:3791-1)

2022-10-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
2
suse-su-2022:3791-1
libtirpc
denial of service
ipv6 addresses
suse linux enterprise server 12-sp2
suse linux enterprise server 12-sp3
suse linux enterprise server 12-sp4
suse linux enterprise server 12-sp5
suse linux enterprise server for sap 12-sp4
suse linux enterprise software development kit 12-sp5
suse openstack cloud 9
suse openstack cloud crowbar 9.

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2022.3791.1");
  script_cve_id("CVE-2021-46828");
  script_tag(name:"creation_date", value:"2022-10-28 04:36:32 +0000 (Fri, 28 Oct 2022)");
  script_version("2024-02-02T14:37:51+0000");
  script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-08-01 16:51:11 +0000 (Mon, 01 Aug 2022)");

  script_name("SUSE: Security Advisory (SUSE-SU-2022:3791-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP2|SLES12\.0SP3|SLES12\.0SP4|SLES12\.0SP5)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:3791-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20223791-1/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'libtirpc' package(s) announced via the SUSE-SU-2022:3791-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for libtirpc fixes the following issues:

CVE-2021-46828: Fixed denial of service vulnerability with lots of
 connections (bsc#1201680).

Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)");

  script_tag(name:"affected", value:"'libtirpc' package(s) on SUSE Linux Enterprise Server 12-SP2, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES12.0SP2") {

  if(!isnull(res = isrpmvuln(pkg:"libtirpc-debugsource", rpm:"libtirpc-debugsource~1.0.1~17.24.1", rls:"SLES12.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc-netconfig", rpm:"libtirpc-netconfig~1.0.1~17.24.1", rls:"SLES12.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3", rpm:"libtirpc3~1.0.1~17.24.1", rls:"SLES12.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-32bit", rpm:"libtirpc3-32bit~1.0.1~17.24.1", rls:"SLES12.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo", rpm:"libtirpc3-debuginfo~1.0.1~17.24.1", rls:"SLES12.0SP2"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo-32bit", rpm:"libtirpc3-debuginfo-32bit~1.0.1~17.24.1", rls:"SLES12.0SP2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES12.0SP3") {

  if(!isnull(res = isrpmvuln(pkg:"libtirpc-debugsource", rpm:"libtirpc-debugsource~1.0.1~17.24.1", rls:"SLES12.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc-netconfig", rpm:"libtirpc-netconfig~1.0.1~17.24.1", rls:"SLES12.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3", rpm:"libtirpc3~1.0.1~17.24.1", rls:"SLES12.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-32bit", rpm:"libtirpc3-32bit~1.0.1~17.24.1", rls:"SLES12.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo", rpm:"libtirpc3-debuginfo~1.0.1~17.24.1", rls:"SLES12.0SP3"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo-32bit", rpm:"libtirpc3-debuginfo-32bit~1.0.1~17.24.1", rls:"SLES12.0SP3"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES12.0SP4") {

  if(!isnull(res = isrpmvuln(pkg:"libtirpc-debugsource", rpm:"libtirpc-debugsource~1.0.1~17.24.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc-netconfig", rpm:"libtirpc-netconfig~1.0.1~17.24.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3", rpm:"libtirpc3~1.0.1~17.24.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-32bit", rpm:"libtirpc3-32bit~1.0.1~17.24.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo", rpm:"libtirpc3-debuginfo~1.0.1~17.24.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo-32bit", rpm:"libtirpc3-debuginfo-32bit~1.0.1~17.24.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES12.0SP5") {

  if(!isnull(res = isrpmvuln(pkg:"libtirpc-debugsource", rpm:"libtirpc-debugsource~1.0.1~17.24.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc-netconfig", rpm:"libtirpc-netconfig~1.0.1~17.24.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3", rpm:"libtirpc3~1.0.1~17.24.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-32bit", rpm:"libtirpc3-32bit~1.0.1~17.24.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo", rpm:"libtirpc3-debuginfo~1.0.1~17.24.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libtirpc3-debuginfo-32bit", rpm:"libtirpc3-debuginfo-32bit~1.0.1~17.24.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 18
nessus 25
cve 1
prion 1
nvd 1
cbl_mariner 2
osv 6
gentoo 1
redos 1
rocky 2
mageia 1
debian 2
oraclelinux 1
debiancve 1
veracode 1
ubuntu 1
cvelist 1
rosalinux 1
suse 1
redhat 2
almalinux 1
alpinelinux 1
redhatcve 1
ubuntucve 1
photon 4
ics 2
ibm 2
avleonov 1
openvas
openvas
openSUSE: Security Advisory for libtirpc (SUSE-SU-2022:3305-1)
2022-09-20 00:00:00
Huawei EulerOS: Security Advisory for libtirpc (EulerOS-SA-2022-2298)
2022-09-14 00:00:00
Huawei EulerOS: Security Advisory for libtirpc (EulerOS-SA-2022-2658)
2022-11-03 00:00:00
nessus
nessus
RHEL 9 : libtirpc (RHSA-2022:8400)
2022-11-16 00:00:00
EulerOS 2.0 SP10 : libtirpc (EulerOS-SA-2022-2690)
2022-11-02 00:00:00
Siemens SCALANCE XCM332 Allocation of Resources Without Limits or Throttling (CVE-2021-46828)
2023-05-02 00:00:00
cve
cve
CVE-2021-46828
2022-07-20 06:15:07
prion
prion
Code injection
2022-07-20 06:15:00
nvd
nvd
CVE-2021-46828
2022-07-20 06:15:07
cbl_mariner
cbl_mariner
CVE-2021-46828 affecting package libtirpc 1.3.3-1
2024-07-08 03:08:43
CVE-2021-46828 affecting package libtirpc 1.1.4-4
2022-09-17 05:56:35
osv
osv
Moderate: libtirpc security update
2022-11-15 00:00:00
Moderate: libtirpc security update
2022-11-15 06:23:29
libtirpc - security update
2022-08-11 00:00:00
gentoo
gentoo
Libtirpc: Denial of Service
2022-10-31 00:00:00
redos
redos
ROS-20240403-03
2024-04-03 00:00:00
rocky
rocky
libtirpc bug fix and enhancement update
2022-05-10 08:15:03
libtirpc security update
2022-11-15 06:23:29
mageia
mageia
Updated libitrpc packages fix security vulnerability
2022-08-20 13:04:13
debian
debian
[SECURITY] [DLA 3071-1] libtirpc security update
2022-08-11 10:59:36
[SECURITY] [DSA 5200-1] libtirpc security update
2022-08-07 08:56:53
oraclelinux
oraclelinux
libtirpc security update
2022-11-22 00:00:00
debiancve
debiancve
CVE-2021-46828
2022-07-20 06:15:07
veracode
veracode
Denial Of Service (DoS)
2022-07-20 11:06:47
ubuntu
ubuntu
libtirpc vulnerability
2022-07-28 00:00:00
cvelist
cvelist
CVE-2021-46828
2022-07-20 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2339
2024-02-06 08:17:10
suse
suse
Security update for libtirpc (important)
2022-09-19 00:00:00
redhat
redhat
(RHSA-2022:8400) Moderate: libtirpc security update
2022-11-15 06:23:29
(RHSA-2023:3742) Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
2023-06-21 15:20:50
almalinux
almalinux
Moderate: libtirpc security update
2022-11-15 00:00:00
alpinelinux
alpinelinux
CVE-2021-46828
2022-07-20 06:15:07
redhatcve
redhatcve
CVE-2021-46828
2022-07-21 07:45:33
ubuntucve
ubuntucve
CVE-2021-46828
2022-07-20 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0224
2022-08-06 00:00:00
Important Photon OS Security Update - PHSA-2022-0504
2022-08-06 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0431
2022-08-09 00:00:00
ics
ics
Siemens SCALANCE XCM332
2023-04-13 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
ibm
ibm
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from curl, systemd, and Golang Go
2022-09-28 09:47:09
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-07-31 09:28:35
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON
Related for OPENVAS:13614125623114202237911
openvas18nessus25cve1prion1nvd1cbl_mariner2osv6gentoo1redos1rocky2mageia1debian2oraclelinux1debiancve1veracode1ubuntu1cvelist1rosalinux1suse1redhat2almalinux1alpinelinux1redhatcve1ubuntucve1photon4ics2ibm2avleonov1