nessus | This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof. | FEDORA_2018-0F5E6E9957.NASL
History: Jan 03, 2019 - 12:00 a.m.

Fedora 28 : php-phpmailer6 (2018-0f5e6e9957)

2019-01-03 00:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com

Version 6.0.6

  • SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr.

  • Added Tagalog translation, thanks to StoneArtz

  • Added Malagache translation, thanks to Hackinet

  • Updated Serbian translation, fixed incorrect language code, thanks to mmilanovic4

  • Updated Arabic translations (MicroDroid)

  • Updated Hungarian translations

  • Updated Dutch translations

  • Updated Slovenian translation (filips123)

  • Updated Slovak translation (pcmanik)

  • Updated Italian translation (sabas)

  • Updated Norwegian translation (aleskr)

  • Updated Indonesian translation (mylastof)

  • Add constants for common values, such as text/html and quoted-printable, and use them

  • Added support for copied headers in DKIM, helping with debugging, and an option to add extra headers to the DKIM signature. See DKIM_sign example for how to use them. Thanks to gwi-mmuths.

  • Add Campaign Monitor transaction ID pattern matcher

  • Remove deprecated constant and ini values causing warnings in PHP 7.3, added PHP 7.3 build to Travis config.

  • Expanded test coverage

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2018-0f5e6e9957.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration pass: when the scanner loads the plugin with `description` set,
# only this metadata block runs; the exit(0) at its end returns before any of
# the host checks further down in the file are reached.
if (description)
{
  # Plugin identity and revision.
  script_id(120237);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Cross-references used to correlate a finding: the CVE addressed by the
  # update and the Fedora advisory identifier.
  script_cve_id("CVE-2018-19296");
  script_xref(name:"FEDORA", value:"2018-0f5e6e9957");

  script_name(english:"Fedora 28 : php-phpmailer6 (2018-0f5e6e9957)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  # Advisory text copied from the upstream 6.0.6 release notes. Only the first
  # bullet (object injection, CVE-2018-19296) is security-relevant; the other
  # bullets are translation and maintenance changes shipped in the same update.
  # The multi-line string is report text and is kept exactly as published.
  script_set_attribute(
    attribute:"description", 
    value:
"**Version 6.0.6**

  - **SECURITY** Fix potential object injection
    vulnerability. **CVE-2018-19296**. Reported by Sehun Oh
    of cyberone.kr.

  - Added Tagalog translation, thanks to StoneArtz

  - Added Malagache translation, thanks to Hackinet

  - Updated Serbian translation, fixed incorrect language
    code, thanks to mmilanovic4

  - Updated Arabic translations (MicroDroid)

  - Updated Hungarian translations

  - Updated Dutch translations

  - Updated Slovenian translation (filips123)

  - Updated Slovak translation (pcmanik)

  - Updated Italian translation (sabas)

  - Updated Norwegian translation (aleskr)

  - Updated Indonesian translation (mylastof)

  - Add constants for common values, such as text/html and
    quoted-printable, and use them

  - Added support for copied headers in DKIM, helping with
    debugging, and an option to add extra headers to the
    DKIM signature. See DKIM_sign example for how to use
    them. Thanks to gwi-mmuths.

  - Add Campaign Monitor transaction ID pattern matcher

  - Remove deprecated constant and ini values causing
    warnings in PHP 7.3, added PHP 7.3 build to Travis
    config.

  - Expanded test coverage

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0f5e6e9957"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected php-phpmailer6 package."
  );
  # Scoring metadata.
  # CVSS v2 base: network vector, medium access complexity, no authentication,
  # partial confidentiality/integrity/availability impact.
  # CVSS v3.0 base: network vector, low complexity, no privileges, user
  # interaction required, scope unchanged, high C/I/A impact.
  # Temporal metrics on both: exploit code unproven (E:U), official fix
  # available (RL:OF / RL:O), report confidence confirmed (RC:C).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # "local": the verdict is derived from data collected on the host itself
  # (see the knowledge-base keys required below), not from probing a service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # Two CPE entries: the affected Fedora package and the operating system release.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-phpmailer6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28");

  # Timeline: disclosure, Fedora patch, and the later date on which this
  # plugin itself was published.
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/11/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  # Non-intrusive information-gathering category.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # Scheduling constraints: ssh_get_info.nasl must have run first, and the
  # plugin is only launched when all three knowledge-base keys are present.
  # NOTE(review): presumably ssh_get_info.nasl is what populates the Host/*
  # entries over an authenticated session - confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  # End of the registration pass; nothing below runs while `description` is set.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Host gating. Each test reads a knowledge-base (KB) entry and calls audit()
# with a reason code when the host is out of scope for this plugin. The tests
# are ordered, so the first one that fails decides which reason is reported.
# NOTE(review): audit() comes from audit.inc and presumably terminates the
# plugin; the code relies on that (for example, `release` is used immediately
# after its isnull() test) - confirm against audit.inc.

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The release string must mention Fedora; `>!<` is NASL's "substring not found" operator.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
# Capture the numeric release; element [1] of the match is the first capture group.
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# Require release 28 exactly: the trailing ([^0-9]|$) keeps "28" from matching
# as the prefix of a longer number.
if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver);

# Without a collected package list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


# Architecture gate: only x86_64 (substring match) and i386 through i686
# (`!~` is regex non-match) are evaluated. Any other architecture exits with
# "local checks not implemented", so such hosts receive no verdict from this
# plugin rather than a "not affected" result.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


# Package comparison. rpm_check() is given the fixed build for Fedora 28 as
# its reference; a true result is counted in `flag`.
# NOTE(review): presumably rpm_check() returns true when the installed
# php-phpmailer6 is older than the reference - confirm against rpm.inc.
# Scope caveat: only the RPM-installed package is examined. Copies of the
# library bundled inside an application tree are not in the RPM list this
# script reads, so they need a separate inventory.
flag = 0;
if (rpm_check(release:"FC28", reference:"php-phpmailer6-6.0.6-1.fc28"))
{
  flag++;
}


if (!flag)
{
  # Nothing flagged: distinguish "package tested and not affected" from
  # "package not installed" using the list of tests that were performed.
  tested = pkg_tests_get();
  if (!tested) audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-phpmailer6");
  else audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}
else
{
  # Outdated package found: file a host-level finding (port 0) and attach the
  # rpm comparison report as supporting detail.
  security_report_v4(port:0, severity:SECURITY_WARNING, extra:rpm_report_get());
  exit(0);
}