Debian DLA-2214-1 : libexif security update

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2214-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(136674);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/12");

  script_cve_id(
    "CVE-2016-6328",
    "CVE-2017-7544",
    "CVE-2018-20030",
    "CVE-2020-0093",
    "CVE-2020-12767"
  );

  script_name(english:"Debian DLA-2214-1 : libexif security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Various vulnerabilities have been addressed in libexif, a library to
parse EXIF metadata files.

CVE-2016-6328

An integer overflow when parsing the MNOTE entry data of the input
file had been found. This could have caused denial of service (DoS)
and Information Disclosure (disclosing some critical heap chunk
metadata, even other applications' private data).

CVE-2017-7544

libexif had been vulnerable to out-of-bounds heap read vulnerability
in exif_data_save_data_entry function in libexif/exif-data.c caused by
improper length computation of the allocated data of an ExifMnote
entry which could have caused denial of service or possibly
information disclosure.

CVE-2018-20030

An error when processing the EXIF_IFD_INTEROPERABILITY and
EXIF_IFD_EXIF tags within libexif version could have been exploited to
exhaust available CPU resources.

CVE-2020-0093

In exif_data_save_data_entry of exif-data.c, there was a possible out
of bounds read due to a missing bounds check. This could have lead to
local information disclosure with no additional execution privileges
needed. User interaction was needed for exploitation.

CVE-2020-12767

libexif had a divide-by-zero error in exif_entry_get_value in
exif-entry.c

For Debian 8 'Jessie', these problems have been fixed in version
0.6.21-2+deb8u2.

We recommend that you upgrade your libexif packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/libexif");
  script_set_attribute(attribute:"solution", value:
"Upgrade the affected libexif-dev, and libexif12 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7544");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libexif-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libexif12");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"libexif-dev", reference:"0.6.21-2+deb8u2")) flag++;
if (deb_check(release:"8.0", prefix:"libexif12", reference:"0.6.21-2+deb8u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");