Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2019-F350634B40.NASLHistoryJul 15, 2019 - 12:00 a.m.
Fedora 30 : fossil (2019-f350634b40)
2019-07-1500:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
9.1 High
AI Score
Confidence
High
-
Update to 2.8 fixes rhbz#1581180 rhbz#1603993 rhbz#1674893 and rhbz#1524335
-
Removed upstreamed patch
-
Bug 1524335 - CVE-2017-17459 fossil: Command injection via malicious ssh URLs [fedora-all]
-
Bug 1581180 - Update fossil version to 2.6 (currently is 2.2)
-
Bug 1603993 - fossil: FTBFS in Fedora rawhide
-
Bug 1674893 - fossil: FTBFS in Fedora rawhide/f30
-
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-f350634b40.
#
include('compat.inc');
if (description)
{
script_id(126665);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/10");
script_cve_id("CVE-2017-17459");
script_xref(name:"FEDORA", value:"2019-f350634b40");
script_name(english:"Fedora 30 : fossil (2019-f350634b40)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"- Update to 2.8 fixes rhbz#1581180 rhbz#1603993
rhbz#1674893 and rhbz#1524335
- Removed upstreamed patch
- Bug 1524335 - CVE-2017-17459 fossil: Command injection
via malicious ssh URLs [fedora-all]
- Bug 1581180 - Update fossil version to 2.6 (currently is
2.2)
- Bug 1603993 - fossil: FTBFS in Fedora rawhide
- Bug 1674893 - fossil: FTBFS in Fedora rawhide/f30
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f350634b40");
script_set_attribute(attribute:"solution", value:
"Update the affected fossil package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-17459");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/07");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fossil");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC30", reference:"fossil-2.8-1.fc30")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fossil");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | fossil | p-cpe:/a:fedoraproject:fedora:fossil |
| fedoraproject | fedora | 30 | cpe:/o:fedoraproject:fedora:30 |
Related
nessus
nessus
openSUSE Security Update : fossil (openSUSE-2017-1365)
2017-12-14 00:00:00
GLSA-201801-20 : Fossil: User-assisted execution of arbitrary code
2018-01-29 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: fossil-2.8-1.fc30
2019-07-13 01:07:36
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0042)
2022-01-28 00:00:00
Fedora Update for fossil FEDORA-2019-f350634b40
2019-07-13 00:00:00
gentoo
gentoo
Fossil: User-assisted execution of arbitrary code
2018-01-27 00:00:00
mageia
mageia
Updated fossil packages fix security vulnerability
2018-01-03 17:22:14
ubuntucve
ubuntucve
CVE-2017-17459
2017-12-07 00:00:00
cve
cve
CVE-2017-17459
2017-12-07 18:29:00
debiancve
debiancve
CVE-2017-17459
2017-12-07 18:29:00
prion
prion
Design/Logic Flaw
2017-12-07 18:29:00
cvelist
cvelist
CVE-2017-17459
2017-12-07 18:00:00