Mageia: Security Advisory (MGASA-2015-0453)

2015-11-2300:00:00

plugins.openvas.org

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.041

Percentile

92.2%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2015 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.131135");
  script_cve_id("CVE-2015-8106");
  script_tag(name:"creation_date", value:"2015-11-23 05:46:09 +0000 (Mon, 23 Nov 2015)");
  script_version("2024-02-02T05:06:05+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:05 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2016-04-19 19:23:27 +0000 (Tue, 19 Apr 2016)");

  script_name("Mageia: Security Advisory (MGASA-2015-0453)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA5");

  script_xref(name:"Advisory-ID", value:"MGASA-2015-0453");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2015-0453.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=17164");
  script_xref(name:"URL", value:"http://openwall.com/lists/oss-security/2015/11/16/3");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8106");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'latex2rtf' package(s) announced via the MGASA-2015-0453 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"A format string vulnerability was found in CmdKeywords function when
processing \keywords command in tex file. When the user runs latex2rtf
with malicious crafted tex file, an attacker can execute arbitrary code.
The variable 'keywords' in the function CmdKeywords may hold a malicious
input string, which can be used as a format argument of vsnprintf
(CVE-2015-8106).");

  script_tag(name:"affected", value:"'latex2rtf' package(s) on Mageia 5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA5") {

  if(!isnull(res = isrpmvuln(pkg:"latex2rtf", rpm:"latex2rtf~2.3.8~3.1.mga5", rls:"MAGEIA5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);