RHEL 2.1 / 3 : mozilla (RHSA-2004:486)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2004:486. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15409);
  script_version("1.29");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2004-0902", "CVE-2004-0903", "CVE-2004-0904", "CVE-2004-0905", "CVE-2004-0908");
  script_xref(name:"RHSA", value:"2004:486");
  script_xref(name:"Secunia", value:"12526");

  script_name(english:"RHEL 2.1 / 3 : mozilla (RHSA-2004:486)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated mozilla packages that fix a number of security issues are now
available.

Mozilla is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If
a user is tricked into dragging a JavaScript link into another frame
or page, it becomes possible for an attacker to steal or modify
sensitive information from that site. Additionally, if a user is
tricked into dragging two links in sequence to another window (not
frame), it is possible for the attacker to execute arbitrary commands.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0905 to this issue.

Gael Delalleau discovered an integer overflow which affects the BMP
handling code inside Mozilla. An attacker could create a carefully
crafted BMP file in such a way that it would cause Mozilla to crash or
execute arbitrary code when the image is viewed. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0904 to this issue.

Georgi Guninski discovered a stack-based buffer overflow in the vCard
display routines. An attacker could create a carefully crafted vCard
file in such a way that it would cause Mozilla to crash or execute
arbitrary code when viewed. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2004-0903 to this
issue.

Wladimir Palant discovered a flaw in the way JavaScript interacts with
the clipboard. It is possible that an attacker could use malicious
JavaScript code to steal sensitive data which has been copied into the
clipboard. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0908 to this issue.

Georgi Guninski discovered a heap based buffer overflow in the 'Send
Page' feature. It is possible that an attacker could construct a link
in such a way that a user attempting to forward it could result in a
crash or arbitrary code execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0902
to this issue.

Users of Mozilla should update to these updated packages, which
contain backported patches and are not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0904"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0905"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-0908"
  );
  # http://www.mozilla.org/projects/security/known-vulnerabilities.html#
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.mozilla.org/en-US/security/known-vulnerabilities/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2004:486"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:galeon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-chat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-dom-inspector");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-js-debugger");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-mail");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nspr-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mozilla-nss-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/02");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2004:486";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"galeon-1.2.13-5.2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-1.4.3-2.1.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-chat-1.4.3-2.1.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-devel-1.4.3-2.1.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-dom-inspector-1.4.3-2.1.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-js-debugger-1.4.3-2.1.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-mail-1.4.3-2.1.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-1.4.3-2.1.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nspr-devel-1.4.3-2.1.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-1.4.3-2.1.4")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"mozilla-nss-devel-1.4.3-2.1.4")) flag++;

  if (rpm_check(release:"RHEL3", reference:"mozilla-1.4.3-3.0.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-chat-1.4.3-3.0.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-devel-1.4.3-3.0.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-dom-inspector-1.4.3-3.0.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-js-debugger-1.4.3-3.0.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-mail-1.4.3-3.0.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-1.4.3-3.0.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nspr-devel-1.4.3-3.0.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nss-1.4.3-3.0.4")) flag++;
  if (rpm_check(release:"RHEL3", reference:"mozilla-nss-devel-1.4.3-3.0.4")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "galeon / mozilla / mozilla-chat / mozilla-devel / etc");
  }
}