Lucene search

K
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AIX_IJ47630.NASL
HistoryJul 26, 2023 - 12:00 a.m.

AIX 7.3 TL 1 : libxml2 (IJ47630)

2023-07-2600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
aix 7.3
libxml2
denial of service
remote attacker
xml content

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

53.2%

https://vulners.com/cve/CVE-2023-29469 GNOME libxml2 is vulnerable to a denial of service, caused by a double free flaw in the xmlDictComputeFastKey function due to hashing empty strings are not null-terminated. By persuading a victim to open a specially crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition. GNOME libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the xmlSchemaFixupComplexType function. By persuading a victim to open a specially crafted XML content, a remote attacker could exploit this vulnerability to cause a denial of service condition.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory libxml2_advisory5.asc.
#

include('deprecated_nasl_level.inc');
include("compat.inc");

if (description)
{
  script_id(178849);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/31");

  script_cve_id("CVE-2023-28484", "CVE-2023-29469");

  script_name(english:"AIX 7.3 TL 1 : libxml2 (IJ47630)");
  script_summary(english:"Check for APAR IJ47630");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469 GNOME
libxml2 is vulnerable to a denial of service, caused by a double free
flaw in the xmlDictComputeFastKey function due to hashing empty
strings are not null-terminated. By persuading a victim to open a
specially crafted XML content, a remote attacker could exploit this
vulnerability to cause a denial of service condition. GNOME libxml2 is
vulnerable to a denial of service, caused by a NULL pointer
dereference flaw in the xmlSchemaFixupComplexType function. By
persuading a victim to open a specially crafted XML content, a remote
attacker could exploit this vulnerability to cause a denial of service
condition."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory5.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-29469");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"7.3", ml:"01", sp:"01", patch:"IJ47630m2a", package:"bos.rte.control", minfilesetver:"7.3.1.0", maxfilesetver:"7.3.1.1") < 0) flag++;
if (aix_check_ifix(release:"7.3", ml:"01", sp:"02", patch:"IJ47630m2a", package:"bos.rte.control", minfilesetver:"7.3.1.0", maxfilesetver:"7.3.1.1") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

53.2%