Lucene search
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2022-10148-1.NASLHistoryOct 18, 2022 - 12:00 a.m.
openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2022:10148-1)
2022-10-1800:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10148-1 advisory.
-
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. (CVE-2019-10740)
-
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. (CVE-2020-12641)
-
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. (CVE-2020-16145)
-
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. (CVE-2020-35730)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2022:10148-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(166198);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/22");
script_cve_id(
"CVE-2019-10740",
"CVE-2020-12641",
"CVE-2020-16145",
"CVE-2020-35730"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/07/13");
script_name(english:"openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2022:10148-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2022:10148-1 advisory.
- In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap
them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using
HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the
intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the
plaintext of the encrypted message part(s) back to the attacker. (CVE-2019-10740)
- rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell
metacharacters in a configuration setting for im_convert_path or im_identify_path. (CVE-2020-12641)
- Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a
crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15. (CVE-2020-16145)
- An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before
1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element
that is mishandled by linkref_addindex in rcube_string_replacer.php. (CVE-2020-35730)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1180132");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1180399");
# https://lists.opensuse.org/archives/list/[email protected]/thread/3WUL4HE7A5MLE433XPBQYBUU6265EYNA/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?48752991");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10740");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-12641");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-16145");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-35730");
script_set_attribute(attribute:"solution", value:
"Update the affected roundcubemail package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12641");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/07");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:roundcubemail");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.3");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.4");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.3|SUSE15\.4)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3 / 15.4', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);
var pkgs = [
{'reference':'roundcubemail-1.5.3-bp154.2.3.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'roundcubemail-1.5.3-bp154.2.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'roundcubemail');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35730
www.nessus.org/u?48752991
bugzilla.suse.com/1180132
bugzilla.suse.com/1180399
www.suse.com/security/cve/CVE-2019-10740
www.suse.com/security/cve/CVE-2020-12641
www.suse.com/security/cve/CVE-2020-16145
www.suse.com/security/cve/CVE-2020-35730
Related
suse
suse
Security update for roundcubemail (important)
2022-10-17 00:00:00
Security update for roundcubemail (moderate)
2020-09-24 00:00:00
Security update for roundcubemail (important)
2021-07-03 00:00:00
openvas
openvas
openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2020:1516-1)
2020-09-25 00:00:00
Debian: Security Advisory (DSA-4744-1)
2020-08-13 00:00:00
Mageia: Security Advisory (MGASA-2020-0481)
2022-01-28 00:00:00
nessus
nessus
openSUSE Security Update : roundcubemail (openSUSE-2020-1516)
2020-09-30 00:00:00
Debian DSA-4821-1 : roundcube - security update
2020-12-29 00:00:00
Debian DLA-2508-1 : roundcube security update
2020-12-29 00:00:00
securelist
securelist
Advanced threat predictions for 2024
2023-11-14 10:00:24
thn
thn
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
2023-06-26 10:54:00
Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
2023-10-25 13:20:00
debian
debian
[SECURITY] [DSA 4821-1] roundcube security update
2020-12-28 13:46:47
[SECURITY] [DSA 4744-1] roundcube security update
2020-08-12 04:28:25
[SECURITY] [DSA 4821-1] roundcube security update
2020-12-28 13:47:05
ubuntucve
ubuntucve
cve
cve
osv
osv
BIT-roundcube-2020-35730
2024-03-06 11:04:55
roundcube - security update
2020-12-28 00:00:00
CVE-2020-16145
2020-08-12 13:15:10
debiancve
debiancve
veracode
veracode
Cross-Site Scripting (XSS)
2020-12-06 03:29:33
Cross-Site Scripting (XSS)
2020-12-28 22:25:44
mageia
mageia
Updated roundcubemail packages fix security vulnerabilities
2020-08-18 23:43:16
Updated roundcubemail package fixes security vulnerability
2020-12-29 14:57:17
Updated roundcubemail packages fix security vulnerability
2020-06-15 10:54:40
fedora
fedora
[SECURITY] Fedora 32 Update: roundcubemail-1.4.10-1.fc32
2021-01-13 01:35:57
[SECURITY] Fedora 32 Update: roundcubemail-1.4.8-1.fc32
2020-08-20 01:12:20
[SECURITY] Fedora 33 Update: roundcubemail-1.4.10-1.fc33
2021-01-13 01:59:25
cisa_kev
cisa_kev
Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability
2023-06-22 00:00:00
Roundcube Webmail Remote Code Execution Vulnerability
2023-06-22 00:00:00
prion
prion
Cross site scripting
2020-12-28 20:15:00
Cross site scripting
2020-08-12 13:15:00
Design/Logic Flaw
2019-04-07 15:29:00
attackerkb
attackerkb
CVE-2020-35730
2020-12-28 00:00:00
CVE-2020-12641
2020-05-04 00:00:00
archlinux
archlinux
[ASA-202101-2] roundcubemail: cross-site scripting
2021-01-04 00:00:00
cvelist
cvelist
checkpoint_advisories
checkpoint_advisories
Roundcube Webmail Command Injection (CVE-2020-12641)
2020-08-17 00:00:00
ubuntu
ubuntu
Roundcube Webmail vulnerabilities
2022-08-08 00:00:00
gentoo
gentoo
Roundcube: Multiple vulnerabilities
2020-07-27 00:00:00
Related for OPENSUSE-2022-10148-1.NASL