Debian DLA-273-1 : tidy security update

2015-07-2000:00:00

www.tenable.com

Fernando Muñoz discovered a security issue on the HTML syntax checker and reformatter tidy. Tidy did not properly process specific character sequences, and a remote attacker could exploit this flaw to cause a DoS, or probably, execute arbitrary code. Two different CVEs were assigned to this issue.

CVE-2015-5522

Malformed html documents could lead to a heap-buffer-overflow.

CVE-2015-5523

Malformed html documents could lead to allocate 4Gb of memory.

For the Squeeze distribution, this issue has been fixed in the 20091223cvs-1+deb6u1 version of tidy.

We recommend that you upgrade your tidy packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-273-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84831);
  script_version("2.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-5522", "CVE-2015-5523");
  script_bugtraq_id(75037);

  script_name(english:"Debian DLA-273-1 : tidy security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Fernando Mu&ntilde;oz discovered a security issue on the HTML syntax
checker and reformatter tidy. Tidy did not properly process specific
character sequences, and a remote attacker could exploit this flaw to
cause a DoS, or probably, execute arbitrary code. Two different CVEs
were assigned to this issue.

CVE-2015-5522

Malformed html documents could lead to a heap-buffer-overflow.

CVE-2015-5523

Malformed html documents could lead to allocate 4Gb of memory.

For the Squeeze distribution, this issue has been fixed in the
20091223cvs-1+deb6u1 version of tidy.

We recommend that you upgrade your tidy packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2015/07/msg00011.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze-lts/tidy"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtidy-0.99-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtidy-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tidy-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"libtidy-0.99-0", reference:"20091223cvs-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"libtidy-dev", reference:"20091223cvs-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"tidy", reference:"20091223cvs-1+deb6u1")) flag++;
if (deb_check(release:"6.0", prefix:"tidy-doc", reference:"20091223cvs-1+deb6u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxlibtidy-0.99-0p-cpe:/a:debian:debian_linux:libtidy-0.99-0
debiandebian_linuxlibtidy-devp-cpe:/a:debian:debian_linux:libtidy-dev
debiandebian_linuxtidyp-cpe:/a:debian:debian_linux:tidy
debiandebian_linuxtidy-docp-cpe:/a:debian:debian_linux:tidy-doc
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Vendor	Product	Version	CPE
debian	debian_linux	libtidy-0.99-0	p-cpe:/a:debian:debian_linux:libtidy-0.99-0
debian	debian_linux	libtidy-dev	p-cpe:/a:debian:debian_linux:libtidy-dev
debian	debian_linux	tidy	p-cpe:/a:debian:debian_linux:tidy
debian	debian_linux	tidy-doc	p-cpe:/a:debian:debian_linux:tidy-doc
debian	debian_linux	6.0	cpe:/o:debian:debian_linux:6.0