Mageia: Security Advisory (MGASA-2020-0476)

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2020.0476");
  script_cve_id("CVE-2019-13351");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-07-11 18:15:18 +0000 (Thu, 11 Jul 2019)");

  script_name("Mageia: Security Advisory (MGASA-2020-0476)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA7");

  script_xref(name:"Advisory-ID", value:"MGASA-2020-0476");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2020-0476.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=27775");
  script_xref(name:"URL", value:"https://ubuntu.com/security/CVE-2019-13351");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'jackit' package(s) announced via the MGASA-2020-0476 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 has a 'double
file descriptor close' issue during a failed connection attempt when jackd2 is
not running. Exploitation success depends on multithreaded timing of that
double close, which can result in unintended information disclosure, crashes,
or file corruption due to having the wrong file associated with the file
descriptor (CVE-2019-13351).");

  script_tag(name:"affected", value:"'jackit' package(s) on Mageia 7.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA7") {

  if(!isnull(res = isrpmvuln(pkg:"jackit", rpm:"jackit~1.9.12~2.1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"jackit-example-clients", rpm:"jackit-example-clients~1.9.12~2.1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"lib64jack-devel", rpm:"lib64jack-devel~1.9.12~2.1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"lib64jack0", rpm:"lib64jack0~1.9.12~2.1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libjack-devel", rpm:"libjack-devel~1.9.12~2.1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libjack0", rpm:"libjack0~1.9.12~2.1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);