The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1091-1 advisory.
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn’t ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn’t exist on the IMAP server. (CVE-2021-29969)
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)
Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. (CVE-2021-29976)
Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:1091-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152219);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/06");
script_cve_id(
"CVE-2021-29969",
"CVE-2021-29970",
"CVE-2021-29976",
"CVE-2021-30547"
);
script_xref(name:"IAVA", value:"2021-A-0309-S");
script_xref(name:"IAVA", value:"2021-A-0293-S");
script_name(english:"openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:1091-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:1091-1 advisory.
- If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server
responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected
data. This could have resulted in Thunderbird showing incorrect information, for example the attacker
could have tricked Thunderbird to show folders that didn't exist on the IMAP server. (CVE-2021-29969)
- A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially
exploitable crash. This bug only affected Firefox when accessibility was enabled. (CVE-2021-29970)
- Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and Randell Jesup reported memory
safety bugs present in Firefox 89 and Firefox ESR 78.11. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could have been exploited to run arbitrary
code. (CVE-2021-29976)
- Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to
potentially perform out of bounds memory access via a crafted HTML page. (CVE-2021-30547)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188275");
# https://lists.opensuse.org/archives/list/[email protected]/thread/ABQT6TDIB2IQ4ZZNUZXMHLE7ZDVD4YBM/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d3459991");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-29969");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-29970");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-29976");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-30547");
script_set_attribute(attribute:"solution", value:
"Update the affected MozillaThunderbird, MozillaThunderbird-translations-common and / or MozillaThunderbird-translations-
other packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-30547");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/08");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);
var pkgs = [
{'reference':'MozillaThunderbird-78.12.0-lp152.2.48.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'MozillaThunderbird-translations-common-78.12.0-lp152.2.48.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'MozillaThunderbird-translations-other-78.12.0-lp152.2.48.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'MozillaThunderbird / MozillaThunderbird-translations-common / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | mozillathunderbird | p-cpe:/a:novell:opensuse:mozillathunderbird |
novell | opensuse | mozillathunderbird-translations-common | p-cpe:/a:novell:opensuse:mozillathunderbird-translations-common |
novell | opensuse | mozillathunderbird-translations-other | p-cpe:/a:novell:opensuse:mozillathunderbird-translations-other |
novell | opensuse | 15.2 | cpe:/o:novell:opensuse:15.2 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29969
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30547
www.nessus.org/u?d3459991
bugzilla.suse.com/1188275
www.suse.com/security/cve/CVE-2021-29969
www.suse.com/security/cve/CVE-2021-29970
www.suse.com/security/cve/CVE-2021-29976
www.suse.com/security/cve/CVE-2021-30547