Fedora 39 : python-cryptography / rust-asn1 / rust-asn1_derive (2023-31d5d51a2d)

2023-11-0700:00:00

www.tenable.com

fedora 39

cryptography package

ssh certificates

bug finder wedding wonders 1.0

cross-site scripting

remote attack

vulnerability

nessus scanner

6.7 Medium

AI Score

Confidence

High

JSON

The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-31d5d51a2d advisory.

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
(CVE-2023-38325)
A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has been classified as problematic.
Affected is an unknown function of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-235158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. (CVE-2023-3832)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-31d5d51a2d
#

include('compat.inc');

if (description)
{
  script_id(185290);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");

  script_cve_id("CVE-2023-3832", "CVE-2023-38325");
  script_xref(name:"FEDORA", value:"2023-31d5d51a2d");

  script_name(english:"Fedora 39 : python-cryptography / rust-asn1 / rust-asn1_derive (2023-31d5d51a2d)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the
FEDORA-2023-31d5d51a2d advisory.

  - The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
    (CVE-2023-38325)

  - A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has been classified as problematic.
    Affected is an unknown function of the file /user/ticket/create of the component Ticket Handler. The
    manipulation of the argument message leads to cross site scripting. It is possible to launch the attack
    remotely. VDB-235158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted
    early about this disclosure but did not respond in any way. (CVE-2023-3832)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-31d5d51a2d");
  script_set_attribute(attribute:"solution", value:
"Update the affected python-cryptography, rust-asn1 and / or rust-asn1_derive packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-38325");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:39");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:python-cryptography");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rust-asn1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rust-asn1_derive");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^39([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 39', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'python-cryptography-41.0.3-1.fc39', 'release':'FC39', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-asn1-0.15.5-2.fc39', 'release':'FC39', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-asn1_derive-0.15.5-1.fc39', 'release':'FC39', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-cryptography / rust-asn1 / rust-asn1_derive');
}

VendorProductVersionCPE
fedoraprojectfedora39cpe:/o:fedoraproject:fedora:39
fedoraprojectfedorapython-cryptographyp-cpe:/a:fedoraproject:fedora:python-cryptography
fedoraprojectfedorarust-asn1p-cpe:/a:fedoraproject:fedora:rust-asn1
fedoraprojectfedorarust-asn1_derivep-cpe:/a:fedoraproject:fedora:rust-asn1_derive

Vendor	Product	Version	CPE
fedoraproject	fedora	39	cpe:/o:fedoraproject:fedora:39
fedoraproject	fedora	python-cryptography	p-cpe:/a:fedoraproject:fedora:python-cryptography
fedoraproject	fedora	rust-asn1	p-cpe:/a:fedoraproject:fedora:rust-asn1
fedoraproject	fedora	rust-asn1_derive	p-cpe:/a:fedoraproject:fedora:rust-asn1_derive