Mageia: Security Advisory (MGASA-2016-0307)

2022-01-2800:00:00

plugins.openvas.org

8.8 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.5%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2016.0307");
  script_cve_id("CVE-2016-1669");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2016-05-16 18:36:31 +0000 (Mon, 16 May 2016)");

  script_name("Mageia: Security Advisory (MGASA-2016-0307)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA5");

  script_xref(name:"Advisory-ID", value:"MGASA-2016-0307");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2016-0307.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=18481");
  script_xref(name:"URL", value:"https://nodejs.org/en/blog/release/v0.10.44/");
  script_xref(name:"URL", value:"https://nodejs.org/en/blog/release/v0.10.45/");
  script_xref(name:"URL", value:"https://nodejs.org/en/blog/release/v0.10.46/");
  script_xref(name:"URL", value:"https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/");
  script_xref(name:"URL", value:"https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'nodejs' package(s) announced via the MGASA-2016-0307 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Under certain conditions, V8 may improperly expand memory allocations in
the Zone::New function. This could potentially be used to cause a Denial
of Service via buffer overflow or as a trigger for a remote code execution
(CVE-2016-1669).

The primary npm registry has used HTTP bearer tokens to authenticate
requests from the npm command-line interface. Due to a design flaw in the
CLI, these bearer tokens were sent with every request made by the CLI for
logged-in users, regardless of the destination of the request. This flaw
allows an attacker to set up an HTTP server that could collect
authentication information they could use to impersonate the users whose
tokens they collected. This impersonation would allow them to do anything
the compromised users could do, including publishing new versions of
packages.");

  script_tag(name:"affected", value:"'nodejs' package(s) on Mageia 5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA5") {

  if(!isnull(res = isrpmvuln(pkg:"nodejs", rpm:"nodejs~0.10.46~1.mga5", rls:"MAGEIA5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);