Mandriva Linux Security Advisory : mesa (MDVSA-2013:182)

2013-06-2800:00:00

www.tenable.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.2%

JSON

Updated mesa packages fix multiple vulnerabilities

An out-of-bounds access flaw was found in Mesa. If an application using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does this), an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1872).

It was found that Mesa did not correctly validate messages from the X server. A malicious X server could cause an application using Mesa to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2013-1993).

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandriva Linux Security Advisory MDVSA-2013:182. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(67011);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2013-1872", "CVE-2013-1993");
  script_bugtraq_id(60149, 60285);
  script_xref(name:"MDVSA", value:"2013:182");

  script_name(english:"Mandriva Linux Security Advisory : mesa (MDVSA-2013:182)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandriva Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated mesa packages fix multiple vulnerabilities

An out-of-bounds access flaw was found in Mesa. If an application
using Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox
does this), an attacker could cause the application to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application (CVE-2013-1872).

It was found that Mesa did not correctly validate messages from the X
server. A malicious X server could cause an application using Mesa to
crash or, potentially, execute arbitrary code with the privileges of
the user running the application (CVE-2013-1993)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2013-0190.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64dri-drivers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gbm1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64gbm1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64glapi0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64glapi0-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaegl1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaegl1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesagl1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesagl1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaglesv1_1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaglesv1_1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaglesv2_2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaglesv2_2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaglu1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaglu1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaopenvg1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mesaopenvg1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wayland-egl1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wayland-egl1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mesa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mesa-common-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64dri-drivers-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64gbm1-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64gbm1-devel-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64glapi0-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64glapi0-devel-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaegl1-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaegl1-devel-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesagl1-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesagl1-devel-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaglesv1_1-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaglesv1_1-devel-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaglesv2_2-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaglesv2_2-devel-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaglu1-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaglu1-devel-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaopenvg1-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64mesaopenvg1-devel-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wayland-egl1-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64wayland-egl1-devel-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mesa-8.0.5-1.1.mbs1")) flag++;
if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"mesa-common-devel-8.0.5-1.1.mbs1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinuxlib64dri-driversp-cpe:/a:mandriva:linux:lib64dri-drivers
mandrivalinuxlib64gbm1p-cpe:/a:mandriva:linux:lib64gbm1
mandrivalinuxlib64gbm1-develp-cpe:/a:mandriva:linux:lib64gbm1-devel
mandrivalinuxlib64glapi0p-cpe:/a:mandriva:linux:lib64glapi0
mandrivalinuxlib64glapi0-develp-cpe:/a:mandriva:linux:lib64glapi0-devel
mandrivalinuxlib64mesaegl1p-cpe:/a:mandriva:linux:lib64mesaegl1
mandrivalinuxlib64mesaegl1-develp-cpe:/a:mandriva:linux:lib64mesaegl1-devel
mandrivalinuxlib64mesagl1p-cpe:/a:mandriva:linux:lib64mesagl1
mandrivalinuxlib64mesagl1-develp-cpe:/a:mandriva:linux:lib64mesagl1-devel
mandrivalinuxlib64mesaglesv1_1p-cpe:/a:mandriva:linux:lib64mesaglesv1_1

Vendor	Product	Version	CPE
mandriva	linux	lib64dri-drivers	p-cpe:/a:mandriva:linux:lib64dri-drivers
mandriva	linux	lib64gbm1	p-cpe:/a:mandriva:linux:lib64gbm1
mandriva	linux	lib64gbm1-devel	p-cpe:/a:mandriva:linux:lib64gbm1-devel
mandriva	linux	lib64glapi0	p-cpe:/a:mandriva:linux:lib64glapi0
mandriva	linux	lib64glapi0-devel	p-cpe:/a:mandriva:linux:lib64glapi0-devel
mandriva	linux	lib64mesaegl1	p-cpe:/a:mandriva:linux:lib64mesaegl1
mandriva	linux	lib64mesaegl1-devel	p-cpe:/a:mandriva:linux:lib64mesaegl1-devel
mandriva	linux	lib64mesagl1	p-cpe:/a:mandriva:linux:lib64mesagl1
mandriva	linux	lib64mesagl1-devel	p-cpe:/a:mandriva:linux:lib64mesagl1-devel
mandriva	linux	lib64mesaglesv1_1	p-cpe:/a:mandriva:linux:lib64mesaglesv1_1