Debian DSA-4489-1 : patch - security update

2019-07-2900:00:00

www.tenable.com

7.9 High

AI Score

Confidence

High

JSON

Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed.

This update includes a bugfix for a regression introduced by the patch to address CVE-2018-1000156 when applying an ed-style patch (#933140).

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4489. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(127102);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/08");

  script_cve_id("CVE-2019-13636", "CVE-2019-13638");
  script_xref(name:"DSA", value:"4489");

  script_name(english:"Debian DSA-4489-1 : patch - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"Imre Rad discovered several vulnerabilities in GNU patch, leading to
shell command injection or escape from the working directory and
access and overwrite files, if specially crafted patch files are
processed.

This update includes a bugfix for a regression introduced by the patch
to address CVE-2018-1000156 when applying an ed-style patch (#933140).");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932401");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933140");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-1000156");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/patch");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/patch");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/patch");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4489");
  script_set_attribute(attribute:"solution", value:
"Upgrade the patch packages.

For the oldstable distribution (stretch), these problems have been
fixed in version 2.7.5-1+deb9u2.

For the stable distribution (buster), these problems have been fixed
in version 2.7.6-3+deb10u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13638");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:patch");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"10.0", prefix:"patch", reference:"2.7.6-3+deb10u1")) flag++;
if (deb_check(release:"9.0", prefix:"patch", reference:"2.7.5-1+deb9u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxpatchp-cpe:/a:debian:debian_linux:patch
debiandebian_linux10.0cpe:/o:debian:debian_linux:10.0
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0

Vendor	Product	Version	CPE
debian	debian_linux	patch	p-cpe:/a:debian:debian_linux:patch
debian	debian_linux	10.0	cpe:/o:debian:debian_linux:10.0
debian	debian_linux	9.0	cpe:/o:debian:debian_linux:9.0