Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2019-AD23A4522D.NASL
HistoryJan 06, 2020 - 12:00 a.m.

Fedora 31 : cyrus-imapd (2019-ad23a4522d)

2020-01-0600:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

6.9 Medium

AI Score

Confidence

High

JSON

Update to new upstream version 3.0.13, which includes a fix for CVE-2019-19783 and other minor fixes. Release notes:
https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.htm l

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-ad23a4522d.
#

include('compat.inc');

if (description)
{
  script_id(132656);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/01");

  script_cve_id("CVE-2019-19783");
  script_xref(name:"FEDORA", value:"2019-ad23a4522d");

  script_name(english:"Fedora 31 : cyrus-imapd (2019-ad23a4522d)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Update to new upstream version 3.0.13, which includes a fix for
CVE-2019-19783 and other minor fixes. Release notes:
https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.htm
l

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-ad23a4522d");
  # https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c4e167ad");
  script_set_attribute(attribute:"solution", value:
"Update the affected cyrus-imapd package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19783");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cyrus-imapd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC31", reference:"cyrus-imapd-3.0.13-1.fc31")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-imapd");
}
VendorProductVersionCPE
fedoraprojectfedoracyrus-imapdp-cpe:/a:fedoraproject:fedora:cyrus-imapd
fedoraprojectfedora31cpe:/o:fedoraproject:fedora:31

Related

nessus 8
osv 3
debian 1
openvas 6
prion 1
cve 1
debiancve 1
altlinux 2
veracode 1
gentoo 1
redhatcve 1
mageia 1
ubuntucve 1
fedora 2
ubuntu 1
almalinux 1
oraclelinux 1
redhat 1
nessus
nessus
Fedora 30 : cyrus-imapd (2019-7938c21723)
2020-01-06 00:00:00
Debian DSA-4590-1 : cyrus-imapd - security update
2019-12-20 00:00:00
GLSA-202006-23 : Cyrus IMAP Server: Access restriction bypass
2020-06-17 00:00:00
osv
osv
CVE-2019-19783
2019-12-16 14:15:12
cyrus-imapd - security update
2019-12-19 00:00:00
cyrus-imapd vulnerabilities
2020-10-05 17:25:10
debian
debian
[SECURITY] [DSA 4590-1] cyrus-imapd security update
2019-12-19 22:54:18
openvas
openvas
Debian: Security Advisory (DSA-4590-1)
2019-12-21 00:00:00
Cyrus IMAP 2.5.x < 2.5.15, 3.0.x < 3.0.13 ACL Bypass Vulnerability
2019-12-18 00:00:00
Mageia: Security Advisory (MGASA-2020-0010)
2022-01-28 00:00:00
prion
prion
Design/Logic Flaw
2019-12-16 14:15:00
cve
cve
CVE-2019-19783
2019-12-16 14:15:00
debiancve
debiancve
CVE-2019-19783
2019-12-16 14:15:00
altlinux
altlinux
Security fix for the ALT Linux 9 package cyrus-imapd version 3.0.13-alt1
2020-01-10 00:00:00
Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.15-alt0.M80P.1
2020-01-10 00:00:00
veracode
veracode
Privilege Escalation
2020-11-05 03:10:39
gentoo
gentoo
Cyrus IMAP Server: Access restriction bypass
2020-06-15 00:00:00
redhatcve
redhatcve
CVE-2019-19783
2019-12-27 18:08:53
mageia
mageia
Updated cyrus-imapd packages fix security vulnerability
2020-01-05 18:37:51
ubuntucve
ubuntucve
CVE-2019-19783
2019-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: cyrus-imapd-3.0.13-1.fc31
2020-01-05 00:42:32
[SECURITY] Fedora 30 Update: cyrus-imapd-3.0.13-1.fc30
2020-01-04 22:16:34
ubuntu
ubuntu
Cyrus IMAP Server vulnerabilities
2020-10-05 00:00:00
almalinux
almalinux
Moderate: cyrus-imapd security update
2020-11-03 12:24:17
oraclelinux
oraclelinux
cyrus-imapd security update
2020-11-10 00:00:00
redhat
redhat
(RHSA-2020:4655) Moderate: cyrus-imapd security update
2020-11-03 12:24:17

6.9 Medium

AI Score

Confidence

High

JSON
Related for FEDORA_2019-AD23A4522D.NASL
nessus8osv3debian1openvas6prion1cve1debiancve1altlinux2veracode1gentoo1redhatcve1mageia1ubuntucve1fedora2ubuntu1almalinux1oraclelinux1redhat1