Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Debian DSA-4797-1 : webkit2gtk - security update

🗓️ 25 Nov 2020 00:00:00Reported by This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.Type 
nessus
 nessus🔗 www.tenable.com👁 56 Views

Debian DSA-4797-1 webkit2gtk security update, multiple arbitrary code execution vulnerabilitie

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
Debian		[SECURITY] [DSA 4797-1] webkit2gtk security update
24 Nov 202018:45
debian
OpenVAS		Mageia: Security Advisory (MGASA-2020-0441)
28 Jan 202200:00
openvas
OpenVAS		Apple Safari Security Update (APPLE-SA-2020-09-16-3)
22 Sep 202000:00
openvas
OpenVAS		Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-145877bcd3)
29 Nov 202000:00
openvas
OpenVAS		Fedora: Security Advisory for webkit2gtk3 (FEDORA-2020-e8a7566e80)
4 Dec 202000:00
openvas
OpenVAS		Ubuntu: Security Advisory (USN-4648-1)
27 Nov 202000:00
openvas
OpenVAS		SUSE: Security Advisory (SUSE-SU-2020:3864-1)
19 Apr 202100:00
openvas
OpenVAS		SUSE: Security Advisory (SUSE-SU-2020:3867-1)
9 Jun 202100:00
openvas
OpenVAS		Debian: Security Advisory (DSA-4797-1)
26 Nov 202000:00
openvas
OpenVAS		SUSE: Security Advisory (SUSE-SU-2021:1990-1)
18 Jun 202100:00
openvas
Rows per page
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-4797. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(143260);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/08");

  script_cve_id(
    "CVE-2020-13584",
    "CVE-2020-9948",
    "CVE-2020-9951",
    "CVE-2020-9983"
  );
  script_xref(name:"DSA", value:"4797");

  script_name(english:"Debian DSA-4797-1 : webkit2gtk - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
  script_set_attribute(attribute:"description", value:
"The following vulnerabilities have been discovered in the webkit2gtk
web engine :

  - CVE-2020-9948
    Brendan Draper discovered that processing maliciously
    crafted web content may lead to arbitrary code
    execution.

  - CVE-2020-9951
    Marcin Noga discovered that processing maliciously
    crafted web content may lead to arbitrary code
    execution.

  - CVE-2020-9983
    zhunki discovered that processing maliciously crafted
    web content may lead to code execution.

  - CVE-2020-13584
    Cisco discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-9948");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-9951");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-9983");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-13584");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/webkit2gtk");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/webkit2gtk");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2020/dsa-4797");
  script_set_attribute(attribute:"solution", value:
"Upgrade the webkit2gtk packages.

For the stable distribution (buster), these problems have been fixed
in version 2.30.3-1~deb10u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-9983");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/10/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:webkit2gtk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"10.0", prefix:"gir1.2-javascriptcoregtk-4.0", reference:"2.30.3-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"gir1.2-webkit2-4.0", reference:"2.30.3-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"libjavascriptcoregtk-4.0-18", reference:"2.30.3-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"libjavascriptcoregtk-4.0-bin", reference:"2.30.3-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"libjavascriptcoregtk-4.0-dev", reference:"2.30.3-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"libwebkit2gtk-4.0-37", reference:"2.30.3-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"libwebkit2gtk-4.0-37-gtk2", reference:"2.30.3-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"libwebkit2gtk-4.0-dev", reference:"2.30.3-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"libwebkit2gtk-4.0-doc", reference:"2.30.3-1~deb10u1")) flag++;
if (deb_check(release:"10.0", prefix:"webkit2gtk-driver", reference:"2.30.3-1~deb10u1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
25 Nov 2020 00:00Current
9High risk
Vulners AI Score9
CVSS26.8
CVSS38.8
EPSS0.00862
debiandsa-4797-1webkit2gtksecurityupdatevulnerabilitiesarbitrary code executioncve-2020-9948cve-2020-9951cve-2020-9983cve-2020-13584brendan drapermarcin nogazhunkiciscoweb enginemaliciously crafted web contentcode execution
56
.json
Report