Mandriva Linux Security Advisory : mosh (MDVSA-2013:104)

2013-04-20T00:00:00
ID MANDRIVA_MDVSA-2013-104.NASL
Type nessus
Reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-02-02T00:00:00

Description

Updated mosh package fixes security vulnerability :

Mosh versions 1.2 and earlier allow an application to cause the mosh-server to consume large amounts of CPU time with a short ANSI escape sequence. In addition, a malicious mosh-server can cause the mosh-client to consume large amounts of CPU time with a short ANSI escape sequence. This arises because there was no limit on the value of the repeat parameter in some ANSI escape sequences, so even large and nonsensical values would be interpreted by Mosh

                                        
                                            #%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2013:104. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(66116);
  script_version("1.7");
  script_cvs_date("Date: 2019/08/02 13:32:55");

  script_cve_id("CVE-2012-2385");
  script_bugtraq_id(53646);
  script_xref(name:"MDVSA", value:"2013:104");
  script_xref(name:"MGASA", value:"2012-0182");

  script_name(english:"Mandriva Linux Security Advisory : mosh (MDVSA-2013:104)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandriva Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated mosh package fixes security vulnerability :

Mosh versions 1.2 and earlier allow an application to cause the
mosh-server to consume large amounts of CPU time with a short ANSI
escape sequence. In addition, a malicious mosh-server can cause the
mosh-client to consume large amounts of CPU time with a short ANSI
escape sequence. This arises because there was no limit on the value
of the repeat parameter in some ANSI escape sequences, so even large
and nonsensical values would be interpreted by Mosh's terminal
emulator (CVE-2012-2385)."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected mosh package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mosh");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mosh-1.1.3-2.1.mbs1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");