Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2022-0048_WEBKIT2GTK3.NASL
HistoryMay 09, 2022 - 12:00 a.m.

NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2022-0048)

2022-05-0900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities:

  • A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)

  • An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)

  • A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)

  • A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)

  • An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)

  • A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1817)

  • A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. (CVE-2021-1820)

  • An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. (CVE-2021-1825)

  • A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. (CVE-2021-1826)

  • A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited… (CVE-2021-30661)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2022-0048. The text
# itself is copyright (C) ZTE, Inc.
##

include('compat.inc');

if (description)
{
  script_id(160755);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");

  script_cve_id(
    "CVE-2020-9948",
    "CVE-2020-9951",
    "CVE-2020-9983",
    "CVE-2020-13543",
    "CVE-2020-13584",
    "CVE-2021-1817",
    "CVE-2021-1820",
    "CVE-2021-1825",
    "CVE-2021-1826",
    "CVE-2021-30661"
  );
  script_xref(name:"IAVA", value:"2021-A-0202-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");

  script_name(english:"NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2022-0048)");

  script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by
multiple vulnerabilities:

  - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A
    specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code
    execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)

  - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially
    crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The
    victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)

  - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)

  - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)

  - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari
    14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big
    Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may
    lead to arbitrary code execution. (CVE-2021-1817)

  - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS
    Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content
    may result in the disclosure of process memory. (CVE-2021-1820)

  - An input validation issue was addressed with improved input validation. This issue is fixed in iTunes
    12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS
    14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting
    attack. (CVE-2021-1825)

  - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS
    14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to
    universal cross site scripting. (CVE-2021-1826)

  - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1,
    iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously
    crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may
    have been actively exploited.. (CVE-2021-30661)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2022-0048");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-13543");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-13584");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-9948");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-9951");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-9983");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-1817");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-1820");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-1825");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-1826");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-30661");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL webkit2gtk3 packages. Note that updated packages may not be available yet. Please contact
ZTE for more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30661");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:6");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');

if (release !~ "CGSL MAIN 6.02")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');

if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);

var flag = 0;

var pkgs = {
  'CGSL MAIN 6.02': [
    'webkit2gtk3-2.30.4-1.el8',
    'webkit2gtk3-debuginfo-2.30.4-1.el8',
    'webkit2gtk3-debugsource-2.30.4-1.el8',
    'webkit2gtk3-devel-2.30.4-1.el8',
    'webkit2gtk3-devel-debuginfo-2.30.4-1.el8',
    'webkit2gtk3-doc-2.30.4-1.el8',
    'webkit2gtk3-jsc-2.30.4-1.el8',
    'webkit2gtk3-jsc-debuginfo-2.30.4-1.el8',
    'webkit2gtk3-jsc-devel-2.30.4-1.el8',
    'webkit2gtk3-jsc-devel-debuginfo-2.30.4-1.el8'
  ]
};
var pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk3');
}
VendorProductVersionCPE
ztecgsl_mainwebkit2gtk3p-cpe:/a:zte:cgsl_main:webkit2gtk3
ztecgsl_mainwebkit2gtk3-debuginfop-cpe:/a:zte:cgsl_main:webkit2gtk3-debuginfo
ztecgsl_mainwebkit2gtk3-debugsourcep-cpe:/a:zte:cgsl_main:webkit2gtk3-debugsource
ztecgsl_mainwebkit2gtk3-develp-cpe:/a:zte:cgsl_main:webkit2gtk3-devel
ztecgsl_mainwebkit2gtk3-devel-debuginfop-cpe:/a:zte:cgsl_main:webkit2gtk3-devel-debuginfo
ztecgsl_mainwebkit2gtk3-docp-cpe:/a:zte:cgsl_main:webkit2gtk3-doc
ztecgsl_mainwebkit2gtk3-jscp-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc
ztecgsl_mainwebkit2gtk3-jsc-debuginfop-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-debuginfo
ztecgsl_mainwebkit2gtk3-jsc-develp-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-devel
ztecgsl_mainwebkit2gtk3-jsc-devel-debuginfop-cpe:/a:zte:cgsl_main:webkit2gtk3-jsc-devel-debuginfo
Rows per page:
1-10 of 111

References

Related

osv 4
redhat 6
nessus 26
rocky 1
mageia 1
debian 1
gentoo 2
almalinux 1
oraclelinux 1
archlinux 1
fedora 2
suse 4
ubuntu 1
apple 20
thn 5
cnvd 1
ubuntucve 10
redhatcve 10
talos 3
prion 10
veracode 6
alpinelinux 10
cve 10
attackerkb 1
debiancve 10
cisa_kev 1
zdi 1
kaspersky 4
ibm 2
threatpost 1
qualysblog 3
malwarebytes 1
amazon 1
securelist 1
googleprojectzero 1
osv
osv
webkit2gtk - security update
2020-11-23 00:00:00
Moderate: GNOME security, bug fix, and enhancement update
2021-05-18 05:35:26
Moderate: GNOME security, bug fix, and enhancement update
2021-05-18 05:35:26
redhat
redhat
(RHSA-2021:1586) Moderate: GNOME security, bug fix, and enhancement update
2021-05-18 05:35:26
(RHSA-2021:2479) Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update
2021-06-17 15:42:10
(RHSA-2021:2136) Moderate: Openshift Logging security and bugs update (5.0.4)
2021-05-26 20:03:09
nessus
nessus
Rocky Linux 8 : GNOME (RLSA-2021:1586)
2022-02-09 00:00:00
RHEL 8 : GNOME (RHSA-2021:1586)
2021-05-19 00:00:00
AlmaLinux 8 : GNOME (ALSA-2021:1586)
2022-02-09 00:00:00
rocky
rocky
GNOME security, bug fix, and enhancement update
2021-05-18 05:35:26
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2020-11-27 23:14:57
debian
debian
[SECURITY] [DSA 4797-1] webkit2gtk security update
2020-11-24 18:45:16
gentoo
gentoo
WebkitGTK+: Multiple vulnerabilities
2020-12-23 00:00:00
WebkitGTK+: Multiple vulnerabilities
2022-02-01 00:00:00
almalinux
almalinux
Moderate: GNOME security, bug fix, and enhancement update
2021-05-18 05:35:26
oraclelinux
oraclelinux
GNOME security, bug fix, and enhancement update
2021-05-25 00:00:00
archlinux
archlinux
[ASA-202011-28] webkit2gtk: arbitrary code execution
2020-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: webkit2gtk3-2.30.3-1.fc33
2020-11-29 01:27:55
[SECURITY] Fedora 32 Update: webkit2gtk3-2.30.3-1.fc32
2020-12-04 00:30:44
suse
suse
Security update for webkit2gtk3 (important)
2020-12-21 00:00:00
Security update for webkit2gtk3 (important)
2020-12-21 00:00:00
Security update for webkit2gtk3 (important)
2022-01-25 00:00:00
ubuntu
ubuntu
WebKitGTK vulnerabilities
2020-11-26 00:00:00
apple
apple
About the security content of Safari 14.1
2021-04-26 00:00:00
About the security content of Safari 14.0 - Apple Support
2020-11-12 10:19:34
About the security content of Safari 14.0
2020-09-16 00:00:00
thn
thn
Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers
2021-04-27 10:29:00
Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks
2021-05-04 05:42:00
Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild
2021-06-15 03:32:00
cnvd
cnvd
WebKitGTK post-release reuse vulnerability
2020-12-04 00:00:00
ubuntucve
ubuntucve
CVE-2020-13543
2020-12-03 00:00:00
CVE-2020-13584
2020-12-03 00:00:00
CVE-2021-30661
2021-09-08 00:00:00
redhatcve
redhatcve
CVE-2020-13584
2020-11-24 18:52:22
CVE-2020-13543
2020-12-02 12:15:13
CVE-2020-9983
2020-11-24 18:51:47
talos
talos
Webkit WebSocket code execution vulnerability
2020-11-30 00:00:00
Webkit ImageDecoderGStreamer use-after-free vulnerability
2020-11-30 00:00:00
Apple Safari/Webkit aboutBlankURL() code execution vulnerability
2020-09-30 00:00:00
prion
prion
Remote code execution
2020-12-03 17:15:00
Design/Logic Flaw
2020-12-03 17:15:00
Design/Logic Flaw
2021-09-08 15:15:00
veracode
veracode
Denial Of Service (DoS)
2021-04-29 12:13:09
Remote Code Execution (RCE)
2021-04-29 12:12:08
Remote Code Execution (RCE)
2021-04-29 12:14:52
alpinelinux
alpinelinux
CVE-2020-13584
2020-12-03 17:15:00
CVE-2020-13543
2020-12-03 17:15:00
CVE-2021-30661
2021-09-08 15:15:00
cve
cve
CVE-2020-13584
2020-12-03 17:15:00
CVE-2021-30661
2021-09-08 15:15:00
CVE-2020-13543
2020-12-03 17:15:00
attackerkb
attackerkb
CVE-2021-30661
2021-09-08 00:00:00
debiancve
debiancve
CVE-2020-13543
2020-12-03 17:15:00
CVE-2020-13584
2020-12-03 17:15:00
CVE-2021-30661
2021-09-08 15:15:00
cisa_kev
cisa_kev
Apple Multiple Products Use-After-Free Vulnerability
2021-11-03 00:00:00
zdi
zdi
Apple Safari replace Type Confusion Remote Code Execution Vulnerability
2020-09-21 00:00:00
kaspersky
kaspersky
KLA12156 Multiple vulnerabilities in Apple iTunes
2021-04-22 00:00:00
KLA12155 Multiple vulnerabilities in Apple iCloud
2021-04-26 00:00:00
KLA12007 Multiple vulnerabilities in Apple iTunes
2020-09-16 00:00:00
ibm
ibm
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs
2021-10-19 15:38:04
Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
2021-12-03 18:52:37
threatpost
threatpost
Apple Fixes Zero‑Day Security Bugs Under Active Attack
2021-05-04 16:16:37
qualysblog
qualysblog
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices
2021-10-18 07:41:18
Protect your Devices from Pegasus Spyware using VMDR for Mobile Devices’ Proactive Approach
2021-07-23 16:31:38
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
malwarebytes
malwarebytes
Update now! Apple patches another privilege escalation bug in iOS and iPadOS
2021-10-12 16:07:53
amazon
amazon
Important: webkitgtk4
2023-06-07 23:52:00
securelist
securelist
IT threat evolution in Q2 2021. PC statistics
2021-08-12 10:00:12
googleprojectzero
googleprojectzero
The More You Know, The More You Know You Don’t Know
2022-04-19 00:00:00
JSON
Related for NEWSTART_CGSL_NS-SA-2022-0048_WEBKIT2GTK3.NASL
osv4redhat6nessus26rocky1mageia1debian1gentoo2almalinux1oraclelinux1archlinux1fedora2suse4ubuntu1apple20thn5cnvd1ubuntucve10redhatcve10talos3prion10veracode6alpinelinux10cve10attackerkb1debiancve10cisa_kev1zdi1kaspersky4ibm2threatpost1qualysblog3malwarebytes1amazon1securelist1googleprojectzero1