Debian DSA-2453-1 : gajim - several vulnerabilities

2012-04-1700:00:00

www.tenable.com

Several vulnerabilities have been discovered in Gajim, a feature-rich Jabber client. The Common Vulnerabilities and Exposures project identifies the following problems :

CVE-2012-1987 Gajim is not properly sanitizing input before passing it to shell commands. An attacker can use this flaw to execute arbitrary code on behalf of the victim if the user e.g. clicks on a specially crafted URL in an instant message.
CVE-2012-2093 Gajim is using predictable temporary files in an insecure manner when converting instant messages containing LaTeX to images. A local attacker can use this flaw to conduct symlink attacks and overwrite files the victim has write access to.
CVE-2012-2086 Gajim is not properly sanitizing input when logging conversations which results in the possibility to conduct SQL injection attacks.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2453. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(58766);
  script_version("1.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2012-2085", "CVE-2012-2086", "CVE-2012-2093");
  script_bugtraq_id(52943);
  script_xref(name:"DSA", value:"2453");

  script_name(english:"Debian DSA-2453-1 : gajim - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in Gajim, a feature-rich
Jabber client. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2012-1987
    Gajim is not properly sanitizing input before passing it
    to shell commands. An attacker can use this flaw to
    execute arbitrary code on behalf of the victim if the
    user e.g. clicks on a specially crafted URL in an
    instant message.

  - CVE-2012-2093
    Gajim is using predictable temporary files in an
    insecure manner when converting instant messages
    containing LaTeX to images. A local attacker can use
    this flaw to conduct symlink attacks and overwrite files
    the victim has write access to.

  - CVE-2012-2086
    Gajim is not properly sanitizing input when logging
    conversations which results in the possibility to
    conduct SQL injection attacks."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668038"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-1987"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2093"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2086"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/gajim"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2012/dsa-2453"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the gajim packages.

For the stable distribution (squeeze), this problem has been fixed in
version 0.13.4-3+squeeze3."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gajim");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"gajim", reference:"0.13.4-3+squeeze3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxgajimp-cpe:/a:debian:debian_linux:gajim
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Vendor	Product	Version	CPE
debian	debian_linux	gajim	p-cpe:/a:debian:debian_linux:gajim
debian	debian_linux	6.0	cpe:/o:debian:debian_linux:6.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2085

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2086

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2093

bugs.debian.org/cgi-bin/bugreport.cgi?bug=668038

packages.debian.org/source/squeeze/gajim

security-tracker.debian.org/tracker/CVE-2012-1987

security-tracker.debian.org/tracker/CVE-2012-2086

security-tracker.debian.org/tracker/CVE-2012-2093

www.debian.org/security/2012/dsa-2453

JSON

Related for DEBIAN_DSA-2453.NASL