Fedora 19 : moodle-2.4.7-1.fc19 (2013-21397)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-21397.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(71066);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-3630", "CVE-2013-6780");
  script_xref(name:"FEDORA", value:"2013-21397");

  script_name(english:"Fedora 19 : moodle-2.4.7-1.fc19 (2013-21397)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Latest upstreams, multiple security fixes.

Name: CVE-2013-6780 URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6780 Assigned:
20131112 Reference:
https://yuilibrary.com/support/20131111-vulnerability/

Cross-site scripting (XSS) vulnerability in uploader.swf in the
Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote
attackers to inject arbitrary web script or HTML via the allowedDomain
parameter.

Name: CVE-2013-3630 URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630
[Open'>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3630'>Op
en URL] Assigned: 20130521 Reference:
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seve
n-foss-disclosures-part-one
[Open'>https://community.rapid7.com/community/metasploit/blog/2013/10/
30/seven-foss-disclosures-part-one'>Open URL] Reference:
https://community.rapid7.com/community/metasploit/blog/2013/10/30/seve
n-tricks-and-treats
[Open'>https://community.rapid7.com/community/metasploit/blog/2013/10/
30/seven-tricks-and-treats'>Open URL]

Moodle through 2.5.2 allows remote authenticated administrators to
execute arbitrary programs by configuring the aspell pathname and then
triggering a spell-check operation within the TinyMCE editor.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1025655"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1025656"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030084"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030085"
  );
  # https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?525142bc"
  );
  # https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c21b826a"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/122391.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a74fd84e"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://yuilibrary.com/support/20131111-vulnerability/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected moodle package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Moodle Remote Command Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"moodle-2.4.7-1.fc19")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
}