openSUSE 15 Security Update : upx (openSUSE-SU-2023:0088-1)

high Nessus Plugin ID 174145

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0088-1 advisory.

- A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. (CVE-2021-20285)

- Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0.
That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.
(CVE-2021-30500)

- An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. (CVE-2021-30501)

- A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. (CVE-2021-43311)

- A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. (CVE-2021-43312)

- A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688. (CVE-2021-43313)

- A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368 (CVE-2021-43314)

- A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349 (CVE-2021-43315)

- A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64(). (CVE-2021-43316)

- A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404 (CVE-2021-43317)

- A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. (CVE-2023-23456)

- A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
(CVE-2023-23457)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected upx package.

See Also

https://www.suse.com/security/cve/CVE-2021-43315

https://www.suse.com/security/cve/CVE-2021-43316

https://www.suse.com/security/cve/CVE-2021-43317

https://www.suse.com/security/cve/CVE-2023-23456

https://www.suse.com/security/cve/CVE-2023-23457

https://bugzilla.suse.com/1183510

https://bugzilla.suse.com/1184701

https://bugzilla.suse.com/1184702

https://bugzilla.suse.com/1207121

https://bugzilla.suse.com/1207122

https://bugzilla.suse.com/1209765

https://bugzilla.suse.com/1209766

https://bugzilla.suse.com/1209767

https://bugzilla.suse.com/1209768

https://bugzilla.suse.com/1209769

https://bugzilla.suse.com/1209770

https://bugzilla.suse.com/1209771

http://www.nessus.org/u?599e7773

https://www.suse.com/security/cve/CVE-2021-20285

https://www.suse.com/security/cve/CVE-2021-30500

https://www.suse.com/security/cve/CVE-2021-30501

https://www.suse.com/security/cve/CVE-2021-43311

https://www.suse.com/security/cve/CVE-2021-43312

https://www.suse.com/security/cve/CVE-2021-43313

https://www.suse.com/security/cve/CVE-2021-43314

Plugin Details

Severity: High

ID: 174145

File Name: openSUSE-2023-0088-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/12/2023

Updated: 4/19/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C

CVSS Score Source: CVE-2021-20285

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-30500

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:upx, cpe:/o:novell:opensuse:15.4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/11/2023

Vulnerability Publication Date: 3/11/2021

Reference Information

CVE: CVE-2021-20285, CVE-2021-30500, CVE-2021-30501, CVE-2021-43311, CVE-2021-43312, CVE-2021-43313, CVE-2021-43314, CVE-2021-43315, CVE-2021-43316, CVE-2021-43317, CVE-2023-23456, CVE-2023-23457