Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2024-4083.NASLHistoryJun 25, 2024 - 12:00 a.m.
AlmaLinux 9 : git (ALSA-2024:4083)
2024-06-2500:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
almalinux 9
vulnerabilities
rce
symlink bypass
alsa-2024:4083
git package
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
7
Confidence
Low
EPSS
0.002
Percentile
51.7%
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4083 advisory.
* git: Recursive clones RCE (CVE-2024-32002)
* git: RCE while cloning local repos (CVE-2024-32004)
* git: additional local RCE (CVE-2024-32465)
* git: insecure hardlinks (CVE-2024-32020)
* git: symlink bypass (CVE-2024-32021)
Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2024:4083.
##
include('compat.inc');
if (description)
{
script_id(200988);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/25");
script_cve_id(
"CVE-2024-32002",
"CVE-2024-32004",
"CVE-2024-32020",
"CVE-2024-32021",
"CVE-2024-32465"
);
script_xref(name:"ALSA", value:"2024:4083");
script_name(english:"AlmaLinux 9 : git (ALSA-2024:4083)");
script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ALSA-2024:4083 advisory.
* git: Recursive clones RCE (CVE-2024-32002)
* git: RCE while cloning local repos (CVE-2024-32004)
* git: additional local RCE (CVE-2024-32465)
* git: insecure hardlinks (CVE-2024-32020)
* git: symlink bypass (CVE-2024-32021)
Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/9/ALSA-2024-4083.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-32002");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(114, 22, 434, 61, 62);
script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/14");
script_set_attribute(attribute:"patch_publication_date", value:"2024/06/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-all");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-core-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-credential-libsecret");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-daemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-email");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-gui");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-instaweb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-subtree");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:git-svn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:gitk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:gitweb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:perl-Git");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:perl-Git-SVN");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::appstream");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::baseos");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::crb");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::highavailability");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::nfv");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::realtime");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::resilientstorage");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap_hana");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::supplementary");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Alma Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/AlmaLinux/release');
if (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);
if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);
var pkgs = [
{'reference':'git-2.43.5-1.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-2.43.5-1.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-all-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-core-2.43.5-1.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-core-2.43.5-1.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-core-doc-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-credential-libsecret-2.43.5-1.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-credential-libsecret-2.43.5-1.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-daemon-2.43.5-1.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-daemon-2.43.5-1.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-email-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-gui-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-instaweb-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-subtree-2.43.5-1.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-subtree-2.43.5-1.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'git-svn-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'gitk-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'gitweb-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-Git-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perl-Git-SVN-2.43.5-1.el9_4', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / git-core-doc / git-credential-libsecret / etc');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32465
errata.almalinux.org/9/ALSA-2024-4083.html
Related
nessus
nessus
Oracle Linux 9 : git (ELSA-2024-4083)
2024-06-25 00:00:00
AlmaLinux 8 : git (ALSA-2024:4084)
2024-06-25 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1807-1)
2024-05-30 00:00:00
Huawei EulerOS: Security Advisory for git (EulerOS-SA-2024-2365)
2024-09-12 00:00:00
Slackware: Security Advisory (SSA:2024-136-02)
2024-05-16 00:00:00
rocky
rocky
git security update
2024-07-02 14:11:35
git security update
2024-07-02 14:10:24
almalinux
almalinux
Important: git security update
2024-06-25 00:00:00
Important: git security update
2024-06-25 00:00:00
kaspersky
kaspersky
KLA67449 Multiple vulnerabilities in Git for Windows
2024-05-14 00:00:00
KLA67403 Multiple vulnerabilities in Microsoft Developer Tools
2024-05-14 00:00:00
osv
osv
Important: git security update
2024-06-25 00:00:00
Important: git security update
2024-07-02 14:10:24
Important: git security update
2024-07-02 14:11:35
ubuntu
ubuntu
Git vulnerabilities
2024-05-28 00:00:00
Git vulnerability
2024-06-18 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: git-2.45.1-1.fc40
2024-05-17 01:09:13
redhat
redhat
(RHSA-2024:4083) Important: git security update
2024-06-25 07:52:01
(RHSA-2024:4368) Important: git security update
2024-07-08 11:09:29
(RHSA-2024:4084) Important: git security update
2024-06-25 07:52:08
mageia
mageia
Updated git packages fix security vulnerabilities
2024-06-03 21:30:48
slackware
slackware
[slackware-security] git
2024-05-16 02:33:18
cloudfoundry
cloudfoundry
USN-6793-1: Git vulnerabilities | Cloud Foundry
2024-07-25 00:00:00
oraclelinux
oraclelinux
git security update
2024-06-25 00:00:00
git security update
2024-06-25 00:00:00
redos
redos
ROS-20240527-04
2024-05-27 00:00:00
ROS-20240529-03
2024-05-29 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-5.0-0271
2024-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2024-4.0-0611
2024-05-15 00:00:00
Critical Photon OS Security Update - PHSA-2024-3.0-0761
2024-05-29 00:00:00
amazon
amazon
Important: git
2024-05-23 21:37:00
Important: git
2024-05-23 22:04:00
nvd
nvd
vulnrichment
vulnrichment
debiancve
debiancve
redhatcve
redhatcve
ubuntucve
ubuntucve
cvelist
cvelist
cve
cve
alpinelinux
alpinelinux
cbl_mariner
cbl_mariner
CVE-2024-32465 affecting package git for versions less than 2.45.2-1
2024-07-22 23:01:50
CVE-2024-32020 affecting package git for versions less than 2.45.2-1
2024-07-22 23:01:50
CVE-2024-32021 affecting package git for versions less than 2.39.4-1
2024-05-28 18:18:21
wolfi
wolfi
CVE-2024-32020 vulnerabilities
2024-09-20 21:14:10
CVE-2024-32465 vulnerabilities
2024-09-20 21:14:10
CVE-2024-32021 vulnerabilities
2024-09-20 21:14:10
cloudlinux
cloudlinux
git: Fix of CVE-2024-32004
2024-09-06 20:50:55
mscve
mscve
githubexploit
githubexploit
Exploit for CVE-2024-32004
2024-05-20 14:59:16
Exploit for Path Traversal in Git
2024-08-17 16:43:26
Exploit for Link Following in Git
2024-07-02 13:02:50
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
7
Confidence
Low
EPSS
0.002
Percentile
51.7%
Related for ALMA_LINUX_ALSA-2024-4083.NASL