Mageia: Security Advisory (MGASA-2015-0122)

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2015.0122");
  script_cve_id("CVE-2014-3539");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-05-15 18:39:49 +0000 (Tue, 15 May 2018)");

  script_name("Mageia: Security Advisory (MGASA-2015-0122)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA4");

  script_xref(name:"Advisory-ID", value:"MGASA-2015-0122");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2015-0122.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=15427");
  script_xref(name:"URL", value:"http://lists.opensuse.org/opensuse-updates/2015-03/msg00004.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'python-rope' package(s) announced via the MGASA-2015-0122 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"The python-rope utility has been caught passing remotely supplied data to
pickle.load(), enabling possible code-execution attacks. This can happen when
the 'perform_doa' (dynamic object analysis) option is enabled, which it
previously had been by default.

This update changes the default configuration to disable this option. This
only mitigates the issue, as it will still be vulnerable if the option is
enabled.

If 'perform_doa' is enabled, python-rope can be persuaded to open under some
circumstances a network port for short moment of time, which can be used to
push commands to the running process, so the process could run some commands
under the privileges of the user running python-rope. Anyone who enables this
option is advised to make sure the computer is protected by a firewall.");

  script_tag(name:"affected", value:"'python-rope' package(s) on Mageia 4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA4") {

  if(!isnull(res = isrpmvuln(pkg:"python-rope", rpm:"python-rope~0.9.4~4.1.mga4", rls:"MAGEIA4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);