Dnspython < 2.6.0rc1 DoS

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(192941);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/16");

  script_cve_id("CVE-2023-29483");
  script_xref(name:"IAVB", value:"2024-B-0029");

  script_name(english:"Dnspython < 2.6.0rc1 DoS");

  script_set_attribute(attribute:"synopsis", value:
"A Python library installed on the remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of dnspython installed on the remote host is prior to 2.6.0rc1. It is, therefore, affected by a
denial of service (DoS) vulnerability. The dnspython stub resolver is vulnerable to a potential DoS if a 
bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the
UDP port dnspython is using for that query. In this situation, dnspython might switch to querying another resolver or
give up entirely, possibly denying service for that resolution.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number. Also note that this plugin does not distinguish between Python packages installed via the OS package manager,
Python packages installed via PIP, or other sources. As a result, packages provided by your OS package repository may
have backported fixes that this plugin may incorrectly report as vulnerable. Please refer to the OS-specific plugins for
CVE-2023-29483 to check for backported fixes.");
  script_set_attribute(attribute:"see_also", value:"https://www.dnspython.org/news/2.6.0rc1/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to dnspython version 2.6.0rc1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-29483");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:python:dnspython");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("python_packages_installed_nix.nbin");
  script_require_keys("Host/nix/Python/Packages/Enumerated");

  exit(0);
}

include('vcf.inc');
include('python.inc');

get_kb_item_or_exit("Host/nix/Python/Packages/Enumerated");

var os = 'nix';
var pkg = 'dnspython';
var found_lib, libs = [];

found_lib = python::query_python_package(os:os, pkg_name:pkg);
if (!empty_or_null(found_lib))
{
  foreach (var found in found_lib)
  {
    found.pkg_name = pkg;
    append_element(var:libs, value:found);
  }
}

if (empty_or_null(libs))
  audit(AUDIT_HOST_NOT, 'affected');

var lib = branch(libs);
var lib_info = {
  'app' : lib.pkg_name,
  'version' : lib.version,
  'display_version' : lib.version,
  'parsed_version' : vcf::parse_version(lib.version),
  'path' : lib.path + '/' + lib.pkg_name
};

var constraints = [
  { 'fixed_version' : '2.6.0rc1' }
];

vcf::check_version_and_report(app_info:lib_info, constraints:constraints, severity:SECURITY_WARNING);