Version 6.0.6
SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr.
Added Tagalog translation, thanks to StoneArtz
Added Malagache translation, thanks to Hackinet
Updated Serbian translation, fixed incorrect language code, thanks to mmilanovic4
Updated Arabic translations (MicroDroid)
Updated Hungarian translations
Updated Dutch translations
Updated Slovenian translation (filips123)
Updated Slovak translation (pcmanik)
Updated Italian translation (sabas)
Updated Norwegian translation (aleskr)
Updated Indonesian translation (mylastof)
Add constants for common values, such as text/html and quoted-printable, and use them
Added support for copied headers in DKIM, helping with debugging, and an option to add extra headers to the DKIM signature. See DKIM_sign example for how to use them. Thanks to gwi-mmuths.
Add Campaign Monitor transaction ID pattern matcher
Remove deprecated constant and ini values causing warnings in PHP 7.3, added PHP 7.3 build to Travis config.
Expanded test coverage
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2018-0f5e6e9957.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata registration. This branch runs only when the plugin is evaluated
# with `description` set; it ends in exit(0), so none of the package checks
# that follow this block execute in that mode.
if (description)
{
script_id(120237);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Advisory identifiers: the CVE addressed by the update and the Fedora
# advisory the plugin text was extracted from.
script_cve_id("CVE-2018-19296");
script_xref(name:"FEDORA", value:"2018-0f5e6e9957");
script_name(english:"Fedora 28 : php-phpmailer6 (2018-0f5e6e9957)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
# Upstream PHPMailer 6.0.6 changelog as carried by the Fedora update. Only the
# first entry (object injection, CVE-2018-19296) is marked as a security fix;
# the remaining entries are translation, feature and build changes.
script_set_attribute(
attribute:"description",
value:
"**Version 6.0.6**
- **SECURITY** Fix potential object injection
vulnerability. **CVE-2018-19296**. Reported by Sehun Oh
of cyberone.kr.
- Added Tagalog translation, thanks to StoneArtz
- Added Malagache translation, thanks to Hackinet
- Updated Serbian translation, fixed incorrect language
code, thanks to mmilanovic4
- Updated Arabic translations (MicroDroid)
- Updated Hungarian translations
- Updated Dutch translations
- Updated Slovenian translation (filips123)
- Updated Slovak translation (pcmanik)
- Updated Italian translation (sabas)
- Updated Norwegian translation (aleskr)
- Updated Indonesian translation (mylastof)
- Add constants for common values, such as text/html and
quoted-printable, and use them
- Added support for copied headers in DKIM, helping with
debugging, and an option to add extra headers to the
DKIM signature. See DKIM_sign example for how to use
them. Thanks to gwi-mmuths.
- Add Campaign Monitor transaction ID pattern matcher
- Remove deprecated constant and ini values causing
warnings in PHP 7.3, added PHP 7.3 build to Travis
config.
- Expanded test coverage
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0f5e6e9957"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected php-phpmailer6 package."
);
# Scoring as shipped with the plugin. The CVSS v3 base vector carries UI:R
# (user interaction required), a metric the v2 vector has no equivalent for.
# Both temporal vectors record unproven exploit maturity (E:U), an official
# fix (RL:OF / RL:O) and confirmed report confidence (RC:C).
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
# "local" plugin type: the verdict is derived from package data collected on
# the host (see the required KB keys below), not from probing a service.
script_set_attribute(attribute:"plugin_type", value:"local");
# Two CPE entries: the affected package and the Fedora release it applies to.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-phpmailer6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");
# Timeline attributes: vulnerability disclosure, Fedora patch, plugin release.
script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/16");
script_set_attribute(attribute:"patch_publication_date", value:"2018/11/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
# Declares ssh_get_info.nasl as a dependency and lists the three KB keys the
# check code reads. Presumably ssh_get_info.nasl populates them from an
# authenticated session - confirm against that plugin.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
# Stop here in description mode; the check logic is never reached.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Package check for FEDORA-2018-0f5e6e9957 (CVE-2018-19296).
#
# Every precondition below audits out when it is not met, so the RPM comparison
# only runs on a Fedora 28 host with local checks enabled and a collected
# package list.
#
# Scope note: the verdict rests solely on the installed php-phpmailer6 RPM.
# Copies of PHPMailer shipped inside an application tree are not inspected by
# this script.

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The release string must exist and identify the host as Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Extract the numeric release; the first capture group holds the version.
release_match = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(release_match))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = release_match[1];

# This advisory applies to Fedora 28 only.
if (! preg(pattern:"^28([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);
}

# Without a collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}

# NOTE(review): only x86_64 and i[3-6]86 hosts pass this gate; any other
# architecture audits out before the package comparison is made.
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}

# rpm_check() is expected to flag an installed php-phpmailer6 that is older
# than the fixed build named in the advisory - confirm against rpm.inc.
if (rpm_check(release:"FC28", reference:"php-phpmailer6-6.0.6-1.fc28"))
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Not flagged: report either "not affected" (the package was tested) or
# "not installed" (no matching package was examined).
tested = pkg_tests_get();
if (tested)
{
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-phpmailer6");
}
Vendor | Product | Version |
---|---|---|
fedoraproject | fedora | php-phpmailer6 |
fedoraproject | fedora | 28 |