Lucene search

K
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2019-1301.NASL
HistoryOct 04, 2019 - 12:00 a.m.

Amazon Linux 2 : libxml2 (ALAS-2019-1301)

2019-10-0400:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23

9.1 High

AI Score

Confidence

High

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. (CVE-2016-4658)

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a ‘%’ character in a DTD name. (CVE-2017-16931)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1301.
#

include('compat.inc');

if (description)
{
  script_id(129559);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/19");

  script_cve_id("CVE-2016-4658", "CVE-2017-16931");
  script_xref(name:"ALAS", value:"2019-1301");

  script_name(english:"Amazon Linux 2 : libxml2 (ALAS-2019-1301)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS
X before 10.12, tvOS before 10, and watchOS before 3, and other
products) does not forbid namespace nodes in XPointer ranges, which
allows remote attackers to execute arbitrary code or cause a denial of
service (use-after-free and memory corruption) via a crafted XML
document. (CVE-2016-4658)

parser.c in libxml2 before 2.9.5 mishandles parameter-entity
references because the NEXTL macro calls the
xmlParserHandlePEReference function in the case of a '%' character in
a DTD name. (CVE-2017-16931)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1301.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update libxml2' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4658");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2017-16931");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libxml2-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"AL2", reference:"libxml2-2.9.1-6.amzn2.3.3")) flag++;
if (rpm_check(release:"AL2", reference:"libxml2-debuginfo-2.9.1-6.amzn2.3.3")) flag++;
if (rpm_check(release:"AL2", reference:"libxml2-devel-2.9.1-6.amzn2.3.3")) flag++;
if (rpm_check(release:"AL2", reference:"libxml2-python-2.9.1-6.amzn2.3.3")) flag++;
if (rpm_check(release:"AL2", reference:"libxml2-static-2.9.1-6.amzn2.3.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-debuginfo / libxml2-devel / libxml2-python / etc");
}
VendorProductVersionCPE
amazonlinuxlibxml2p-cpe:/a:amazon:linux:libxml2
amazonlinuxlibxml2-debuginfop-cpe:/a:amazon:linux:libxml2-debuginfo
amazonlinuxlibxml2-develp-cpe:/a:amazon:linux:libxml2-devel
amazonlinuxlibxml2-pythonp-cpe:/a:amazon:linux:libxml2-python
amazonlinuxlibxml2-staticp-cpe:/a:amazon:linux:libxml2-static
amazonlinux2cpe:/o:amazon:linux:2