openSUSE Security Update : pdns-recursor (openSUSE-2017-1339)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-1339.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(105229);
  script_version("3.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2017-15090", "CVE-2017-15092", "CVE-2017-15093", "CVE-2017-15094");

  script_name(english:"openSUSE Security Update : pdns-recursor (openSUSE-2017-1339)");
  script_summary(english:"Check for the openSUSE-2017-1339 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for pdns-recursor fixes the following issues :

Security issues fixed :

  - CVE-2017-15090: An issue has been found in the DNSSEC
    validation component of PowerDNS Recursor, where the
    signatures might have been accepted as valid even if the
    signed data was not in bailiwick of the DNSKEY used to
    sign it. This allows an attacker in position of
    man-in-the-middle to alter the content of records by
    issuing a valid signature for the crafted records
    (boo#1069242).

  - CVE-2017-15092: An issue has been found in the web
    interface of PowerDNS Recursor, where the qname of DNS
    queries was displayed without any escaping, allowing a
    remote attacker to inject HTML and JavaScript code into
    the web interface, altering the content (boo#1069242).

  - CVE-2017-15093: When `api-config-dir` is set to a
    non-empty value, which is not the case by default, the
    API allows an authorized user to update the Recursor's
    ACL by adding and removing netmasks, and to configure
    forward zones. It was discovered that the new netmask
    and IP addresses of forwarded zones were not
    sufficiently validated, allowing an authenticated user
    to inject new configuration directives into the
    Recursor's configuration (boo#1069242).

  - CVE-2017-15094: An issue has been found in the DNSSEC
    parsing code of PowerDNS Recursor during a code audit by
    Nixu, leading to a memory leak when parsing specially
    crafted DNSSEC ECDSA keys (boo#1069242)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069242"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected pdns-recursor packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pdns-recursor-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.2", reference:"pdns-recursor-3.7.3-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"pdns-recursor-debuginfo-3.7.3-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"pdns-recursor-debugsource-3.7.3-9.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"pdns-recursor-4.0.5-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"pdns-recursor-debuginfo-4.0.5-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"pdns-recursor-debugsource-4.0.5-3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pdns-recursor / pdns-recursor-debuginfo / pdns-recursor-debugsource");
}