Debian DSA-2269-1 : iceape - several vulnerabilities

2011-07-05T00:00:00
ID DEBIAN_DSA-2269.NASL
Type nessus
Reporter Tenable
Modified 2018-08-09T00:00:00

Description

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey :

  • CVE-2011-0083 / CVE-2011-2363 'regenrecht' discovered two use-after-frees in SVG processing, which could lead to the execution of arbitrary code.

  • CVE-2011-0085 'regenrecht' discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.

  • CVE-2011-2362 David Chan discovered that cookies were insufficiently isolated.

  • CVE-2011-2371 Chris Rohlf and Yan Ivnitskiy discovered an integer overflow in the JavaScript engine, which could lead to the execution of arbitrary code.

  • CVE-2011-2373 Martin Barbella discovered a use-after-free in XUL processing, which could lead to the execution of arbitrary code.

  • CVE-2011-2374 Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse Ruderman and Christian Biesinger discovered memory corruption bugs, which may lead to the execution of arbitrary code.

  • CVE-2011-2376 Luke Wagner and Gary Kwong discovered memory corruption bugs, which may lead to the execution of arbitrary code.

The oldstable distribution (lenny) is not affected. The iceape package only provides the XPCOM code.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2269. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(55489);
  script_version("1.14");
  script_cvs_date("Date: 2018/08/09 17:06:37");

  script_cve_id("CVE-2011-0083", "CVE-2011-0085", "CVE-2011-2362", "CVE-2011-2363", "CVE-2011-2365", "CVE-2011-2371", "CVE-2011-2373", "CVE-2011-2374", "CVE-2011-2376");
  script_xref(name:"DSA", value:"2269");

  script_name(english:"Debian DSA-2269-1 : iceape - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been found in the Iceape internet suite,
an unbranded version of SeaMonkey :

  - CVE-2011-0083 / CVE-2011-2363
    'regenrecht' discovered two use-after-frees in SVG
    processing, which could lead to the execution of
    arbitrary code.

  - CVE-2011-0085
    'regenrecht' discovered a use-after-free in XUL
    processing, which could lead to the execution of
    arbitrary code.

  - CVE-2011-2362
    David Chan discovered that cookies were insufficiently
    isolated.

  - CVE-2011-2371
    Chris Rohlf and Yan Ivnitskiy discovered an integer
    overflow in the JavaScript engine, which could lead to
    the execution of arbitrary code.

  - CVE-2011-2373
    Martin Barbella discovered a use-after-free in XUL
    processing, which could lead to the execution of
    arbitrary code.

  - CVE-2011-2374
    Bob Clary, Kevin Brosnan, Nils, Gary Kwong, Jesse
    Ruderman and Christian Biesinger discovered memory
    corruption bugs, which may lead to the execution of
    arbitrary code.

  - CVE-2011-2376
    Luke Wagner and Gary Kwong discovered memory corruption
    bugs, which may lead to the execution of arbitrary code.

The oldstable distribution (lenny) is not affected. The iceape package
only provides the XPCOM code."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-0083"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-0085"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2362"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2371"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2373"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2374"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-2376"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/iceape"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2011/dsa-2269"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the iceape packages.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-6."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Mozilla Firefox Array.reduceRight() Integer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:iceape");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/07/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"iceape", reference:"2.0.11-6")) flag++;
if (deb_check(release:"6.0", prefix:"iceape-browser", reference:"2.0.11-6")) flag++;
if (deb_check(release:"6.0", prefix:"iceape-chatzilla", reference:"2.0.11-6")) flag++;
if (deb_check(release:"6.0", prefix:"iceape-dbg", reference:"2.0.11-6")) flag++;
if (deb_check(release:"6.0", prefix:"iceape-dev", reference:"2.0.11-6")) flag++;
if (deb_check(release:"6.0", prefix:"iceape-mailnews", reference:"2.0.11-6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");