Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202104-6
HistoryApr 29, 2021 - 12:00 a.m.

[ASA-202104-6] nimble: multiple issues

2021-04-2900:00:00
security.archlinux.org
205

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.4%

JSON

Arch Linux Security Advisory ASA-202104-6

Severity: High
Date : 2021-04-29
CVE-ID : CVE-2021-21372 CVE-2021-21373 CVE-2021-21374
Package : nimble
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1842

Summary

The package nimble before version 1:0.13.1-1 is vulnerable to multiple
issues including arbitrary command execution and man-in-the-middle.

Resolution

Upgrade to 1:0.13.1-1.

pacman -Syu “nimble>=1:0.13.1-1”

The problems have been fixed upstream in version 0.13.1.

Workaround

None.

Description

  • CVE-2021-21372 (arbitrary command execution)

In Nimble before version 0.13.0, doCmd can be leveraged to execute
arbitrary commands. An attacker can craft a malicious entry in the
packages.json package list to trigger code execution.

  • CVE-2021-21373 (man-in-the-middle)

In Nimble before version 0.13.0, “nimble refresh” fetches a list of
Nimble packages over HTTPS by default. In case of error it falls back
to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker
able to perform MitM can deliver a modified package list containing
malicious software packages. If the packages are installed and used the
attack escalates to untrusted code execution.

  • CVE-2021-21374 (man-in-the-middle)

In Nimble before version 0.13.0, “nimble refresh” fetches a list of
Nimble packages over HTTPS without full verification of the SSL/TLS
certificate due to the default setting of httpClient. An attacker able
to perform man-in-the-middle (MitM) can deliver a modified package list
containing malicious software packages. If the packages are installed
and used the attack escalates to untrusted code execution.

Impact

An attacker can perform a man-in-the-middle to inject malicious package
dependencies to a client. In addition, a malicious packager can execute
arbitrary code on the affected client by providing a maliciously-
crafted package metadata file.

References

https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
https://github.com/nim-lang/nimble/commit/7bd63d504a4157b8ed61a51af47fb086ee818c37
https://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8
https://github.com/nim-lang/nimble/commit/aec0ae5c23d2e2a2ec28e97dcb9dd6cb1e68b134
https://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx
https://github.com/nim-lang/nimble/commit/b60b6f8d5832c7393676ba7bcd0e07d293cec738
https://security.archlinux.org/CVE-2021-21372
https://security.archlinux.org/CVE-2021-21373
https://security.archlinux.org/CVE-2021-21374

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanynimble< 1:0.13.1-1UNKNOWN

Related

nessus 2
suse 4
openvas 2
prion 3
debiancve 3
ubuntucve 3
veracode 3
osv 3
cve 3
nessus
nessus
openSUSE Security Update : nim (openSUSE-2021-618)
2021-05-18 00:00:00
openSUSE 15 Security Update : nim (openSUSE-SU-2022:10101-1)
2022-08-28 00:00:00
suse
suse
Security update for nim (moderate)
2021-04-26 00:00:00
Security update for nim (moderate)
2021-04-29 00:00:00
Security update for nim (important)
2022-08-27 00:00:00
openvas
openvas
openSUSE: Security Advisory for nim (openSUSE-SU-2021:0618-1)
2021-04-27 00:00:00
openSUSE: Security Advisory for nim (openSUSE-SU-2022:10101-1)
2024-03-04 00:00:00
prion
prion
Remote code execution
2021-03-26 22:15:00
Design/Logic Flaw
2021-03-26 22:15:00
Remote code execution
2021-03-26 22:15:00
debiancve
debiancve
CVE-2021-21373
2021-03-26 22:15:00
CVE-2021-21372
2021-03-26 22:15:00
CVE-2021-21374
2021-03-26 22:15:00
ubuntucve
ubuntucve
CVE-2021-21373
2021-03-26 00:00:00
CVE-2021-21374
2021-03-26 00:00:00
CVE-2021-21372
2021-03-26 00:00:00
veracode
veracode
Man-In-The-Middle Attack
2021-04-21 18:12:45
Man-in-the-Middle (MitM)
2021-04-21 18:12:49
Remote Code Execution
2021-04-21 18:12:50
osv
osv
CVE-2021-21373
2021-03-26 22:15:12
CVE-2021-21374
2021-03-26 22:15:12
CVE-2021-21372
2021-03-26 22:15:12
cve
cve
CVE-2021-21373
2021-03-26 22:15:00
CVE-2021-21372
2021-03-26 22:15:00
CVE-2021-21374
2021-03-26 22:15:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.4%

JSON
Related for ASA-202104-6
nessus2suse4openvas2prion3debiancve3ubuntucve3veracode3osv3cve3