Detections
Analytics

Ubuntu 18.04 ESM : LibSass vulnerabilities (USN-4837-1)

critical Nessus Plugin ID 183625

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4837-1 advisory.

 - A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. (CVE-2018-11499)

 - An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. (CVE-2018-11693)

 - An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-11695)

 - An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-11696)

 - An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. (CVE-2018-11697)

 - An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. (CVE-2018-11698)

 - In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file. (CVE-2018-19797)

 - In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact. (CVE-2018-19827)

 - In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. (CVE-2018-19839)

 - In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file. (CVE-2018-20190)

 - In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. (CVE-2019-6283)

 - In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
 (CVE-2019-6284)

 - In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693. (CVE-2019-6286)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libsass-dev and / or libsass0 packages.

See Also

https://ubuntu.com/security/notices/USN-4837-1

Plugin Details

Severity: Critical

ID: 183625

File Name: ubuntu_USN-4837-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 10/20/2023

Updated: 10/20/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-11499

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:18.04:-:esm, p-cpe:/a:canonical:ubuntu_linux:libsass-dev, p-cpe:/a:canonical:ubuntu_linux:libsass0

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2021

Vulnerability Publication Date: 5/26/2018

Reference Information

CVE: CVE-2018-11499, CVE-2018-11693, CVE-2018-11695, CVE-2018-11696, CVE-2018-11697, CVE-2018-11698, CVE-2018-19797, CVE-2018-19827, CVE-2018-19839, CVE-2018-20190, CVE-2019-6283, CVE-2019-6284, CVE-2019-6286

USN: 4837-1