Source: Nessus, UBUNTU_USN-6678-1.NASL
Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Mar 05, 2024 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libgit2 vulnerabilities (USN-6678-1)

AI Score: 8.4 High (Confidence: High)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6678-1 advisory.

  • An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. (CVE-2020-12278)

  • An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. (CVE-2020-12279)

  • libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2’s git_remote_callbacks structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking.
    This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked. (CVE-2023-22742)

  • libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_revparse_single can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in src/libgit2/revparse.c uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2. (CVE-2024-24575)

  • libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_index_add can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the has_dir_name function in src/libgit2/index.c, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2. (CVE-2024-24577)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6678-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(191559);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/06");

  script_cve_id(
    "CVE-2020-12278",
    "CVE-2020-12279",
    "CVE-2023-22742",
    "CVE-2024-24575",
    "CVE-2024-24577"
  );
  script_xref(name:"USN", value:"6678-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : libgit2 vulnerabilities (USN-6678-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by
multiple vulnerabilities as referenced in the USN-6678-1 advisory.

  - An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent
    filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when
    cloning a repository. This issue is similar to CVE-2019-1352. (CVE-2020-12278)

  - An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent
    filenames that exist because of NTFS short names. This may allow remote code execution when cloning a
    repository. This issue is similar to CVE-2019-1353. (CVE-2020-12279)

  - libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the
    optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of
    libgit2 require the caller to set the `certificate_check` field of libgit2's `git_remote_callbacks`
    structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking.
    This means that by default - without configuring a certificate check callback, clients will not perform
    validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged
    to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are
    manually checked. (CVE-2023-22742)

  - libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid
    API, allowing to build Git functionality into your application. Using well-crafted inputs to
    `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of
    Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop
    to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to
    force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the
    extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not
    affected. Users should upgrade to version 1.6.5 or 1.7.2. (CVE-2024-24575)

  - libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid
    API, allowing to build Git functionality into your application. Using well-crafted inputs to
    `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is
    an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be
    freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to
    controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary
    code execution. This issue has been patched in version 1.6.5 and 1.7.2. (CVE-2024-24577)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6678-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12279");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2024-24577");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:23.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgit2-1.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgit2-1.5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgit2-24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgit2-26");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgit2-28");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgit2-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgit2-fixtures");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release || '23.10' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04 / 23.10', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'libgit2-24', 'pkgver': '0.24.1-2ubuntu0.2+esm2'},
    {'osver': '16.04', 'pkgname': 'libgit2-dev', 'pkgver': '0.24.1-2ubuntu0.2+esm2'},
    {'osver': '18.04', 'pkgname': 'libgit2-26', 'pkgver': '0.26.0+dfsg.1-1.1ubuntu0.2+esm1'},
    {'osver': '18.04', 'pkgname': 'libgit2-dev', 'pkgver': '0.26.0+dfsg.1-1.1ubuntu0.2+esm1'},
    {'osver': '20.04', 'pkgname': 'libgit2-28', 'pkgver': '0.28.4+dfsg.1-2ubuntu0.1'},
    {'osver': '20.04', 'pkgname': 'libgit2-dev', 'pkgver': '0.28.4+dfsg.1-2ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libgit2-1.1', 'pkgver': '1.1.0+dfsg.1-4.1ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libgit2-dev', 'pkgver': '1.1.0+dfsg.1-4.1ubuntu0.1'},
    {'osver': '22.04', 'pkgname': 'libgit2-fixtures', 'pkgver': '1.1.0+dfsg.1-4.1ubuntu0.1'},
    {'osver': '23.10', 'pkgname': 'libgit2-1.5', 'pkgver': '1.5.1+ds-1ubuntu1.1'},
    {'osver': '23.10', 'pkgname': 'libgit2-dev', 'pkgver': '1.5.1+ds-1ubuntu1.1'},
    {'osver': '23.10', 'pkgname': 'libgit2-fixtures', 'pkgver': '1.5.1+ds-1ubuntu1.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libgit2-1.1 / libgit2-1.5 / libgit2-24 / libgit2-26 / libgit2-28 / etc');
}

Vendor     Product       Version      CPE
canonical  ubuntu_linux  16.04        cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonical  ubuntu_linux  18.04        cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonical  ubuntu_linux  20.04        cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonical  ubuntu_linux  22.04        cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonical  ubuntu_linux  23.10        cpe:/o:canonical:ubuntu_linux:23.10
canonical  ubuntu_linux  libgit2-1.1  p-cpe:/a:canonical:ubuntu_linux:libgit2-1.1
canonical  ubuntu_linux  libgit2-1.5  p-cpe:/a:canonical:ubuntu_linux:libgit2-1.5
canonical  ubuntu_linux  libgit2-24   p-cpe:/a:canonical:ubuntu_linux:libgit2-24
canonical  ubuntu_linux  libgit2-26   p-cpe:/a:canonical:ubuntu_linux:libgit2-26
canonical  ubuntu_linux  libgit2-28   p-cpe:/a:canonical:ubuntu_linux:libgit2-28