ID GLSA-201801-20 Type gentoo Reporter Gentoo Foundation Modified 2018-01-27T00:00:00
Description
Background
Fossil is a simple, high-reliability, distributed software configuration management system.
Description
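Fossil does not properly validate SSH sync protocol URLs. According to the CVE-2017-17459 entry, `http_transport.c` in Fossil before 2.4, when the SSH sync protocol is used, accepts an ssh URL whose hostname begins with a dash character; this is the same class of flaw as CVE-2017-9800 and CVE-2017-1000117 in other version-control clients.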
Impact
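A remote attacker, by enticing a user to open a specially crafted URL, could possibly execute arbitrary commands with the privileges of the user running the application. The openSUSE advisory for the same CVE notes that the impact is more limited than for similar issues in other SCMs, because there is no known way to mask the repository URL or to trigger the flaw non-interactively.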
Workaround
There is no known workaround at this time.
Resolution
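All Fossil users should upgrade to the latest version (the advisory lists dev-vcs/fossil versions lower than 2.4 as affected):

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-vcs/fossil-2.4"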
{"description": "### Background\n\nFossil is a simple, high-reliability, distributed software configuration management system. \n\n### Description\n\nFossil does not properly validate SSH sync protocol URLs.\n\n### Impact\n\nA remote attacker, by enticing a user to open a specially crafted URL, could possibly execute arbitrary commands with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Fossil users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/fossil-2.4\"", "affectedPackage": [{"OSVersion": "any", "OS": "Gentoo", "arch": "all", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "dev-vcs/fossil", "packageVersion": "2.4"}], "reporter": "Gentoo Foundation", "href": "https://security.gentoo.org/glsa/201801-20", "type": "gentoo", "viewCount": 48, "references": ["https://bugs.gentoo.org/show_bug.cgi?id=640208", "https://nvd.nist.gov/vuln/detail/CVE-2017-17459"], "lastseen": "2018-01-27T21:19:32", "published": "2018-01-27T00:00:00", "cvelist": ["CVE-2017-17459"], "id": "GLSA-201801-20", "modified": "2018-01-27T00:00:00", "title": "Fossil: User-assisted execution of arbitrary code", "edition": 1, "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "bulletinFamily": "unix", "enchantments": {"score": {"value": 7.1, "vector": "NONE", "modified": "2018-01-27T21:19:32", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-17459"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201801-20.NASL", "OPENSUSE-2017-1365.NASL", "FEDORA_2019-F350634B40.NASL"]}, {"type": "fedora", "idList": ["FEDORA:6E3336021A63"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310876571"]}], "modified": "2018-01-27T21:19:32", "rev": 2}, "vulnersScore": 7.1}}
{"cve": [{"lastseen": "2021-02-02T06:36:41", "description": "http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-07T18:29:00", "title": "CVE-2017-17459", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17459"], "modified": "2019-10-03T00:03:00", "cpe": [], "id": "CVE-2017-17459", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17459", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "openvas": [{"lastseen": "2019-07-19T21:44:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17459"], "description": "The remote host is missing an update for the\n ", "modified": "2019-07-17T00:00:00", "published": "2019-07-13T00:00:00", "id": "OPENVAS:1361412562310876571", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310876571", "type": "openvas", "title": "Fedora Update for fossil FEDORA-2019-f350634b40", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876571\");\n script_version(\"2019-07-17T08:19:47+0000\");\n script_cve_id(\"CVE-2017-17459\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-17 08:19:47 +0000 (Wed, 17 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-13 02:14:30 +0000 (Sat, 13 Jul 2019)\");\n script_name(\"Fedora Update for fossil FEDORA-2019-f350634b40\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f350634b40\");\n 
script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BLAFCQGE7C5UMX75LESNUMKTXTURUVQM\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the\n 'fossil' package(s) announced via the FEDORA-2019-f350634b40 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is\n present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Fossil is a simple, high-reliability,\n distributed software configuration management with distributed bug tracking,\n distributed wiki and built-in web interface.\");\n\n script_tag(name:\"affected\", value:\"'fossil' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"fossil\", rpm:\"fossil~2.8~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2017-17459"], "description": "Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface. 
", "modified": "2019-07-13T01:07:36", "published": "2019-07-13T01:07:36", "id": "FEDORA:6E3336021A63", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: fossil-2.8-1.fc30", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-20T12:31:38", "description": "This update for fossil to version 2.4 fixes the following issues :\n\n - CVE-2017-17459: Client-side code execution via crafted\n 'ssh://' URLs (bsc#1071709)\n\nThe impact of this vulnerability is more limited than similar vectors\nfixed in other SCMs, as there is no known way to mask the repository\nURL or otherwise trigger non-interactively.\n\nThis update also contains all bug fixes and improvements in the 2.4\nrelease :\n\n - URL Aliases\n\n - tech-note search capability\n\n - Various added command line options\n\n - Annation depth is now configurable\n\nThe following legacy options are no longer available :\n\n - --no-dir-symlinks option\n\n - legacy configuration sync protocol", "edition": 20, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-12-14T00:00:00", "title": "openSUSE Security Update : fossil (openSUSE-2017-1365)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17459"], "modified": "2017-12-14T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:fossil-debuginfo", "p-cpe:/a:novell:opensuse:fossil-debugsource", "p-cpe:/a:novell:opensuse:fossil", "cpe:/o:novell:opensuse:42.3", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-1365.NASL", "href": "https://www.tenable.com/plugins/nessus/105245", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-1365.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105245);\n 
script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-17459\");\n\n script_name(english:\"openSUSE Security Update : fossil (openSUSE-2017-1365)\");\n script_summary(english:\"Check for the openSUSE-2017-1365 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for fossil to version 2.4 fixes the following issues :\n\n - CVE-2017-17459: Client-side code execution via crafted\n 'ssh://' URLs (bsc#1071709)\n\nThe impact of this vulnerability is more limited than similar vectors\nfixed in other SCMs, as there is no known way to mask the repository\nURL or otherwise trigger non-interactively.\n\nThis update also contains all bug fixes and improvements in the 2.4\nrelease :\n\n - URL Aliases\n\n - tech-note search capability\n\n - Various added command line options\n\n - Annation depth is now configurable\n\nThe following legacy options are no longer available :\n\n - --no-dir-symlinks option\n\n - legacy configuration sync protocol\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071709\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected fossil packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fossil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fossil-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fossil-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:42.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2|SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2 / 42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"fossil-2.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"fossil-debuginfo-2.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"fossil-debugsource-2.4-5.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"fossil-2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"fossil-debuginfo-2.4-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"fossil-debugsource-2.4-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fossil / fossil-debuginfo / fossil-debugsource\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T03:06:00", "description": "The remote host is affected by the vulnerability described in GLSA-201801-20\n(Fossil: User-assisted execution of arbitrary code)\n\n Fossil does not properly validate SSH sync protocol URLs.\n \nImpact :\n\n A remote attacker, by enticing a user to open a specially crafted URL,\n could possibly execute arbitrary commands with the privileges of the user\n running the application.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2018-01-29T00:00:00", "title": "GLSA-201801-20 : Fossil: User-assisted execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17459"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:fossil"], "id": "GENTOO_GLSA-201801-20.NASL", "href": "https://www.tenable.com/plugins/nessus/106429", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201801-20.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106429);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2017-17459\");\n script_xref(name:\"GLSA\", value:\"201801-20\");\n\n script_name(english:\"GLSA-201801-20 : Fossil: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201801-20\n(Fossil: User-assisted execution of arbitrary code)\n\n Fossil does not properly validate SSH sync protocol URLs.\n \nImpact :\n\n A remote attacker, by enticing a user to open a specially crafted URL,\n could possibly execute arbitrary commands with the privileges of the user\n running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201801-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Fossil users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-vcs/fossil-2.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:fossil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/29\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-vcs/fossil\", unaffected:make_list(\"ge 2.4\"), vulnerable:make_list(\"lt 2.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Fossil\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T02:37:32", "description": " - Update to 2.8 fixes rhbz#1581180 rhbz#1603993\n rhbz#1674893 and rhbz#1524335\n\n - Removed upstreamed patch\n\n - Bug 1524335 - CVE-2017-17459 fossil: Command injection\n via malicious ssh URLs [fedora-all]\n\n - Bug 1581180 - Update fossil version to 2.6 (currently is\n 2.2)\n\n - Bug 1603993 - fossil: FTBFS in Fedora rawhide\n\n - Bug 1674893 - fossil: FTBFS in Fedora rawhide/f30\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 8.8, "vector": 
"AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-15T00:00:00", "title": "Fedora 30 : fossil (2019-f350634b40)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17459"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:fossil"], "id": "FEDORA_2019-F350634B40.NASL", "href": "https://www.tenable.com/plugins/nessus/126665", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-f350634b40.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126665);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2017-17459\");\n script_xref(name:\"FEDORA\", value:\"2019-f350634b40\");\n\n script_name(english:\"Fedora 30 : fossil (2019-f350634b40)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 2.8 fixes rhbz#1581180 rhbz#1603993\n rhbz#1674893 and rhbz#1524335\n\n - Removed upstreamed patch\n\n - Bug 1524335 - CVE-2017-17459 fossil: Command injection\n via malicious ssh URLs [fedora-all]\n\n - Bug 1581180 - Update fossil version to 2.6 (currently is\n 2.2)\n\n - Bug 1603993 - fossil: FTBFS in Fedora rawhide\n\n - Bug 1674893 - fossil: FTBFS in Fedora rawhide/f30\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f350634b40\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\"Update the affected fossil package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:fossil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"fossil-2.8-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"fossil\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}