Mageia: Security Advisory (MGASA-2016-0184)

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2016.0184");
  script_cve_id("CVE-2015-8872", "CVE-2016-4804");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"2.1");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2016-06-03 17:46:14 +0000 (Fri, 03 Jun 2016)");

  script_name("Mageia: Security Advisory (MGASA-2016-0184)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA5");

  script_xref(name:"Advisory-ID", value:"MGASA-2016-0184");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2016-0184.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=18462");
  script_xref(name:"URL", value:"http://openwall.com/lists/oss-security/2016/05/14/1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'dosfstools' package(s) announced via the MGASA-2016-0184 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Updated dosfstools package fixes security vulnerabilities:

In dosfstools before 4.0, if the third to last entry was written on a FAT12
filesystem with an odd number of clusters, the second to last entry would be
corrupted. This corruption may also lead to invalid memory accesses when the
corrupted entry becomes out of bounds and is used later (CVE-2015-8872).

In dosfstools before 4.0, the variable used for storing the FAT size (in bytes)
was an unsigned int. Since the size in sectors read from the BPB was not
sufficiently checked, this could end up being zero after multiplying it with
the sector size while some offsets still stayed excessive. Ultimately it would
cause segfaults when accessing FAT entries for which no memory was allocated
(CVE-2016-4804).");

  script_tag(name:"affected", value:"'dosfstools' package(s) on Mageia 5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA5") {

  if(!isnull(res = isrpmvuln(pkg:"dosfstools", rpm:"dosfstools~3.0.27~1.1.mga5", rls:"MAGEIA5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);