Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2023-F003D8E633.NASLHistoryApr 01, 2023 - 12:00 a.m.
Fedora 37 : dino (2023-f003d8e633)
2023-04-0100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
fedora 37
dino
vulnerability
crafted message
sensitive information
nessus
remote host
0.003 Low
EPSS
Percentile
68.3%
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-f003d8e633 advisory.
- Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.
(CVE-2023-28686)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-f003d8e633
#
include('compat.inc');
if (description)
{
script_id(173743);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/01");
script_cve_id("CVE-2023-28686");
script_xref(name:"FEDORA", value:"2023-f003d8e633");
script_name(english:"Fedora 37 : dino (2023-f003d8e633)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the
FEDORA-2023-f003d8e633 advisory.
- Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal
bookmark store via a crafted message. The attacker can change the display of group chats or force a victim
to join a group chat; the victim may then be tricked into disclosing sensitive information.
(CVE-2023-28686)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-f003d8e633");
script_set_attribute(attribute:"solution", value:
"Update the affected dino package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28686");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/23");
script_set_attribute(attribute:"patch_publication_date", value:"2023/03/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:37");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dino");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^37([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var pkgs = [
{'reference':'dino-0.3.2-1.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dino');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 37 | cpe:/o:fedoraproject:fedora:37 |
| fedoraproject | fedora | dino | p-cpe:/a:fedoraproject:fedora:dino |
Related
cve
cve
CVE-2023-28686
2023-03-24 04:15:55
osv
osv
dino-im - security update
2023-03-27 00:00:00
CVE-2023-28686
2023-03-24 04:15:55
fedora
fedora
[SECURITY] Fedora 36 Update: dino-0.3.2-1.fc36
2023-04-01 00:42:40
[SECURITY] Fedora 37 Update: dino-0.3.2-1.fc37
2023-04-01 01:21:27
[SECURITY] Fedora 38 Update: dino-0.4.2-1.fc38
2023-04-01 00:18:10
debian
debian
[SECURITY] [DSA 5379-1] dino-im security update
2023-03-27 20:10:04
openvas
openvas
Fedora: Security Advisory for dino (FEDORA-2023-ea6b94395f)
2023-04-02 00:00:00
Fedora: Security Advisory for dino (FEDORA-2023-f003d8e633)
2023-04-02 00:00:00
Fedora: Security Advisory for dino (FEDORA-2023-587d6a00c3)
2023-04-02 00:00:00
cvelist
cvelist
CVE-2023-28686
2023-03-24 00:00:00
nessus
nessus
Debian DSA-5379-1 : dino-im - security update
2023-03-29 00:00:00
Fedora 36 : dino (2023-587d6a00c3)
2023-04-02 00:00:00
Fedora 38 : dino (2023-ea6b94395f)
2023-04-02 00:00:00
ubuntucve
ubuntucve
CVE-2023-28686
2023-03-24 00:00:00
veracode
veracode
Information Disclosure
2023-03-30 19:23:37
freebsd
freebsd
dino -- Insufficient message sender validation in Dino
2023-03-23 00:00:00
mageia
mageia
Updated dino packages fix security vulnerability
2023-03-31 03:13:46
alpinelinux
alpinelinux
CVE-2023-28686
2023-03-24 04:15:55
prion
prion
Information disclosure
2023-03-24 04:15:00
nvd
nvd
CVE-2023-28686
2023-03-24 04:15:55
debiancve
debiancve
CVE-2023-28686
2023-03-24 04:15:55