Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-3150.NASLHistoryOct 12, 2022 - 12:00 a.m.
Debian DLA-3150-1 : rexical - LTS security update
2022-10-1200:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3150 advisory.
- A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby’s
Kernel.openmethod. Processes are vulnerable only if the undocumented methodNokogiri::CSS::Tokenizer#load_fileis being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
(CVE-2019-5477)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3150. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(166068);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/10/12");
script_cve_id("CVE-2019-5477");
script_name(english:"Debian DLA-3150-1 : rexical - LTS security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3150
advisory.
- A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a
subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method
`Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This
vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by
Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was
addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
(CVE-2019-5477)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940905");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/rexical");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2022/dla-3150");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-5477");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/rexical");
script_set_attribute(attribute:"solution", value:
"Upgrade the rexical packages.
For Debian 10 buster, this problem has been fixed in version 1.0.5-2+deb10u1.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5477");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/16");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rexical");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(10)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);
var pkgs = [
{'release': '10.0', 'prefix': 'rexical', 'reference': '1.0.5-2+deb10u1'}
];
var flag = 0;
foreach package_array ( pkgs ) {
var release = NULL;
var prefix = NULL;
var reference = NULL;
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (release && prefix && reference) {
if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : deb_report_get()
);
exit(0);
}
else
{
var tested = deb_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rexical');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | rexical | p-cpe:/a:debian:debian_linux:rexical |
| debian | debian_linux | 10.0 | cpe:/o:debian:debian_linux:10.0 |
Related
veracode
veracode
Command Injection
2019-08-14 02:08:23
ubuntucve
ubuntucve
CVE-2019-5477
2019-08-16 00:00:00
debian
debian
[SECURITY] [DLA 1933-1] ruby-nokogiri security update
2019-09-26 01:55:01
[SECURITY] [DLA 3150-1] rexical security update
2022-10-12 14:46:30
[SECURITY] [DLA 3149-1] ruby-nokogiri security update
2022-10-12 14:46:26
gentoo
gentoo
Nokogiri: Command injection
2020-06-13 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1933-1)
2019-09-27 00:00:00
Ubuntu: Security Advisory (USN-4175-1)
2019-11-06 00:00:00
Debian: Security Advisory (DLA-3150-1)
2022-10-13 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS : Nokogiri vulnerability (USN-4175-1)
2019-11-06 00:00:00
GLSA-202006-05 : Nokogiri: Command injection
2020-06-17 00:00:00
osv
osv
Nokogiri Command Injection Vulnerability
2019-08-19 19:27:23
ruby-nokogiri - security update
2019-09-26 00:00:00
CVE-2019-5477
2019-08-16 16:15:10
debiancve
debiancve
CVE-2019-5477
2019-08-16 16:15:00
prion
prion
Command injection
2019-08-16 16:15:00
ubuntu
ubuntu
Nokogiri vulnerability
2019-11-05 00:00:00
freebsd
freebsd
Nokogiri -- injection vulnerability
2019-08-11 00:00:00
cve
cve
CVE-2019-5477
2019-08-16 16:15:00
github
github
Nokogiri Command Injection Vulnerability
2019-08-19 19:27:23
alpinelinux
alpinelinux
CVE-2019-5477
2019-08-16 16:15:00
mageia
mageia
Updated ruby-nokogiri packages fix security vulnerabilities
2021-02-04 16:40:24
suse
suse
Security update for rubygem-nokogiri (important)
2021-02-05 00:00:00
ibm
ibm
photon
photon
Related for DEBIAN_DLA-3150.NASL