Fedora 30 : mosquitto (2019-8b83c261dd)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-8b83c261dd.
#

include('compat.inc');

if (description)
{
  script_id(129633);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/19");

  script_cve_id("CVE-2019-11779");
  script_xref(name:"FEDORA", value:"2019-8b83c261dd");

  script_name(english:"Fedora 30 : mosquitto (2019-8b83c261dd)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"1.6.7 =====

Broker :

  - Add workaround for working with libwebsockets 3.2.0.

  - Fix potential crash when reloading config.

Client library :

  - Don't use / in autogenerated client ids, to avoid
    confusing with topics.

  - Fix mosquitto_max_inflight_messages_set() and
    mosquitto_int_option(..., MOSQ_OPT_*_MAX, ...)
    behaviour.

  - Fix regression on use of mosquitto_connect_async() not
    working.

Clients :

  - mosquitto_sub: Fix -E incorrectly not working unless -d
    was also specified.

  - Updated documentation around automatic client ids.

1.6.6 =====

Security :

  - CVE-2019-11779

  - Restrict topic hierarchy to 200 levels to prevent
    possible stack overflow.

Broker :

  - Restrict topic hierarchy to 200 levels to prevent
    possible stack overflow.

  - mosquitto_passwd now returns 1 when attempting to update
    a user that does not exist.

1.6.5 =====

Broker :

  - Fix v5 DISCONNECT packets with remaining length == 2
    being treated as a protocol error.

  - Fix support for libwebsockets 3.x.

  - Fix slow websockets performance when sending large
    messages.

  - Fix bridges potentially not connecting on Windows.

  - Fix clients authorised using `use_identity_as_username`
    or `use_subject_as_username` being disconnected on
    SIGHUP.

  - Improve error messages in some situations when clients
    disconnect. Reduces the number of 'Socket error on
    client X, disconnecting' messages.

  - Fix Will for v5 clients not being sent if will delay
    interval was greater than the session expiry interval.

  - Fix CRL file not being reloaded on HUP.

  - Fix repeated 'Error in poll' messages on Windows when
    only websockets listeners are defined.

Client library :

  - Fix reconnect backoff for the situation where
    connections are dropped rather than refused.

  - Fix missing locks on `mosq->state`.

Documentation :

  - Improve details on global/per listener options in the
    mosquitto.conf man page.

  - Clarify behaviour when clients exceed the
    `message_size_limit`.

  - Improve documentation for `max_inflight_bytes`,
    `max_inflight_messages`, and `max_queued_messages`.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-8b83c261dd");
  script_set_attribute(attribute:"solution", value:
"Update the affected mosquitto package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11779");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mosquitto");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC30", reference:"mosquitto-1.6.7-1.fc30")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mosquitto");
}