openSUSE 15 Security Update : sngrep (openSUSE-SU-2024:0106-1)

critical Nessus Plugin ID 193252

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0106-1 advisory.

- A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages. (CVE-2024-3119)

- A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages.
(CVE-2024-3120)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected sngrep package.

See Also

http://www.nessus.org/u?ea722e5b

https://www.suse.com/security/cve/CVE-2024-3119

https://www.suse.com/security/cve/CVE-2024-3120

Plugin Details

Severity: Critical

ID: 193252

File Name: openSUSE-2024-0106-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 4/12/2024

Updated: 4/12/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2024-3119

CVSS v3

Risk Factor: Critical

Base Score: 9

Temporal Score: 7.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2024-3120

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:sngrep, cpe:/o:novell:opensuse:15.5

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/10/2024

Vulnerability Publication Date: 4/10/2024

Reference Information

CVE: CVE-2024-3119, CVE-2024-3120