Fedora 26 : mingw-libtasn1 (2017-d5cf1a55ce)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-d5cf1a55ce.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(101725);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2017-6891");
  script_xref(name:"FEDORA", value:"2017-d5cf1a55ce");

  script_name(english:"Fedora 26 : mingw-libtasn1 (2017-d5cf1a55ce)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Noteworthy changes in release 4.11 (released 2017-05-27) [stable]

  - Introduced the ASN1_TIME_ENCODING_ERROR error code to
    indicate an invalid encoding in the DER time fields.

  - Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME.
    This flag allows decoding errors in time fields even
    when in strict DER mode. That is introduced in order to
    allow toleration of invalid times in X.509 certificates
    (which are common) even though strict DER adherence is
    enforced in other fields.

  - Added safety check in asn1_find_node(). That prevents a
    crash when a very long variable name is provided by the
    developer. Note that this to be exploited requires
    controlling the ASN.1 definitions used by the developer,
    i.e., the 'name' parameter of asn1_write_value() or
    asn1_read_value(). The library is not designed to
    protect against malicious manipulation of the developer
    assigned variable names. Reported by Jakub Jirasek.

Noteworthy changes in release 4.10 (released 2017-01-16) [stable]

  - Updated gnulib

  - Removed -Werror from default compiler flags

  - Fixed undefined behavior when negating integers in
    _asn1_ltostr(). Issue found by oss-fuzz project (via
    gnutls):
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38
    8

  - Pass the correct length to
    _asn1_get_indefinite_length_string in
    asn1_get_length_ber. This addresses reading 1-byte past
    the end of data. Issue found by oss-fuzz project (via
    gnutls):
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33
    0
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33
    1

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-d5cf1a55ce"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=331"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mingw-libtasn1 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mingw-libtasn1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:26");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^26([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 26", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC26", reference:"mingw-libtasn1-4.12-1.fc26")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mingw-libtasn1");
}