Mageia: Security Advisory (MGASA-2015-0300)

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.130078");
  script_cve_id("CVE-2015-4707", "CVE-2015-5607");
  script_tag(name:"creation_date", value:"2015-10-15 07:42:27 +0000 (Thu, 15 Oct 2015)");
  script_version("2024-02-02T05:06:05+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2017-10-05 14:31:18 +0000 (Thu, 05 Oct 2017)");

  script_name("Mageia: Security Advisory (MGASA-2015-0300)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA(4|5)");

  script_xref(name:"Advisory-ID", value:"MGASA-2015-0300");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2015-0300.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=16183");
  script_xref(name:"URL", value:"http://openwall.com/lists/oss-security/2015/06/22/7");
  script_xref(name:"URL", value:"http://openwall.com/lists/oss-security/2015/07/12/4");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'ipython' package(s) announced via the MGASA-2015-0300 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"JSON error responses from the IPython notebook REST API contained
URL parameters and were incorrectly reported as text/html instead of
application/json. The error messages included some of these URL params,
resulting in a cross site scripting attack (CVE-2015-4707).

POST requests exposed via the IPython REST API are vulnerable to
cross-site request forgery (CSRF). Web pages on different domains can make
non-AJAX POST requests to known IPython URLs, and IPython will honor them.
The user's browser will automatically send IPython cookies along with the
requests. The response is blocked by the Same-Origin Policy, but the
request isn't (CVE-2015-5607).

The Mageia 5 package has been patched to fix these issues. The Mageia 4
package wasn't vulnerable to CVE-2015-4707, but it has been updated and
patched to fix CVE-2015-5607.");

  script_tag(name:"affected", value:"'ipython' package(s) on Mageia 4, Mageia 5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA4") {

  if(!isnull(res = isrpmvuln(pkg:"ipython", rpm:"ipython~2.3.0~1.mga4", rls:"MAGEIA4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "MAGEIA5") {

  if(!isnull(res = isrpmvuln(pkg:"ipython", rpm:"ipython~2.3.0~2.2.mga5", rls:"MAGEIA5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ipython-doc", rpm:"ipython-doc~2.3.0~2.2.mga5", rls:"MAGEIA5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"python3-ipython", rpm:"python3-ipython~2.3.0~2.2.mga5", rls:"MAGEIA5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);