Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623111020210272HistoryJan 28, 2022 - 12:00 a.m.
Mageia: Security Advisory (MGASA-2021-0272)
2022-01-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
5
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2021.0272");
script_cve_id("CVE-2018-1340", "CVE-2020-11997", "CVE-2020-9497", "CVE-2020-9498");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-07-21 16:02:32 +0000 (Tue, 21 Jul 2020)");
script_name("Mageia: Security Advisory (MGASA-2021-0272)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA7");
script_xref(name:"Advisory-ID", value:"MGASA-2021-0272");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2021-0272.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=28158");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=24509");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=27593");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/32RWZPQ7FRP73BVKOQK27XV6TX47TT3R/");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/");
script_xref(name:"URL", value:"https://www.openwall.com/lists/oss-security/2021/01/18/1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'guacd, ossp_uuid, util-linux' package(s) announced via the MGASA-2021-0272 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the
user's session token. This cookie lacked the 'secure' flag, which could allow
an attacker eavesdropping on the network to intercept the user's session token
if unencrypted HTTP requests are made to the same domain (CVE-2018-1340).
Apache Guacamole 1.1.0 and older do not properly validate data received from
RDP servers via static virtual channels. If a user connects to a malicious or
compromised RDP server, specially-crafted PDUs could result in disclosure of
information within the memory of the guacd process handling the connection
(CVE-2020-9497).
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing
data received via RDP static virtual channels. If a user connects to a malicious
or compromised RDP server, a series of specially-crafted PDUs could result in
memory corruption, possibly allowing arbitrary code to be executed with the
privileges of the running guacd process (CVE-2020-9498).
Apache Guacamole 1.2.0 and older do not consistently restrict access to
connection history based on user visibility. If multiple users share access to
the same connection, those users may be able to see which other users have
accessed that connection, as well as the IP addresses from which that connection
was accessed, even if those users do not otherwise have permission to see
other users (CVE-2020-11997).
This is an update of guacd to latest version to fix security issues.
We also updated util-linux and ossp_uuid to make them co installable as
guacd requires ossp_uuid.");
script_tag(name:"affected", value:"'guacd, ossp_uuid, util-linux' package(s) on Mageia 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA7") {
if(!isnull(res = isrpmvuln(pkg:"guacd", rpm:"guacd~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64blkid-devel", rpm:"lib64blkid-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64blkid1", rpm:"lib64blkid1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64fdisk-devel", rpm:"lib64fdisk-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64fdisk1", rpm:"lib64fdisk1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64guac-client-kubernetes0", rpm:"lib64guac-client-kubernetes0~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64guac-client-ssh0", rpm:"lib64guac-client-ssh0~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64guac-client-telnet0", rpm:"lib64guac-client-telnet0~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64guac-client-vnc0", rpm:"lib64guac-client-vnc0~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64guac-devel", rpm:"lib64guac-devel~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64guac19", rpm:"lib64guac19~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64mount-devel", rpm:"lib64mount-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64mount1", rpm:"lib64mount1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64ossp_uuid-devel", rpm:"lib64ossp_uuid-devel~1.6.2~21.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64ossp_uuid16", rpm:"lib64ossp_uuid16~1.6.2~21.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64smartcols-devel", rpm:"lib64smartcols-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64smartcols1", rpm:"lib64smartcols1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64uuid-devel", rpm:"lib64uuid-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64uuid1", rpm:"lib64uuid1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libblkid-devel", rpm:"libblkid-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libblkid1", rpm:"libblkid1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfdisk-devel", rpm:"libfdisk-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfdisk1", rpm:"libfdisk1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libguac-client-kubernetes0", rpm:"libguac-client-kubernetes0~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libguac-client-ssh0", rpm:"libguac-client-ssh0~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libguac-client-telnet0", rpm:"libguac-client-telnet0~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libguac-client-vnc0", rpm:"libguac-client-vnc0~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libguac-devel", rpm:"libguac-devel~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libguac19", rpm:"libguac19~1.3.0~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmount-devel", rpm:"libmount-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmount1", rpm:"libmount1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libossp_uuid-devel", rpm:"libossp_uuid-devel~1.6.2~21.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libossp_uuid16", rpm:"libossp_uuid16~1.6.2~21.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsmartcols-devel", rpm:"libsmartcols-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsmartcols1", rpm:"libsmartcols1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libuuid-devel", rpm:"libuuid-devel~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libuuid1", rpm:"libuuid1~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ossp_uuid", rpm:"ossp_uuid~1.6.2~21.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perl-OSSP-uuid", rpm:"perl-OSSP-uuid~1.6.2~21.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-libmount", rpm:"python-libmount~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"util-linux", rpm:"util-linux~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"uuidd", rpm:"uuidd~2.33.2~1.1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
References
advisories.mageia.org/MGASA-2021-0272.html
bugs.mageia.org/show_bug.cgi?id=24509
bugs.mageia.org/show_bug.cgi?id=27593
bugs.mageia.org/show_bug.cgi?id=28158
lists.fedoraproject.org/archives/list/[email protected]/thread/32RWZPQ7FRP73BVKOQK27XV6TX47TT3R/
lists.fedoraproject.org/archives/list/[email protected]/thread/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/
www.openwall.com/lists/oss-security/2021/01/18/1
MGASA-2021-0272
Related
mageia
mageia
Updated guacd packages fix security vulnerabilities
2021-06-23 20:11:28
openvas
openvas
Debian: Security Advisory (DLA-2435-1)
2020-11-07 00:00:00
Fedora: Security Advisory for guacamole-server (FEDORA-2020-640645e518)
2021-01-11 00:00:00
Fedora: Security Advisory for guacamole-server (FEDORA-2020-bfde0ab889)
2021-01-11 00:00:00
nessus
nessus
Fedora 33 : guacamole-server (2020-640645e518)
2021-01-04 00:00:00
Debian DLA-2435-1 : guacamole-server security update
2020-11-09 00:00:00
Fedora 32 : guacamole-server (2020-bfde0ab889)
2021-01-04 00:00:00
threatpost
threatpost
Apache Guacamole Opens Door for Total Control of Remote Footprint
2020-07-02 16:14:46
fedora
fedora
[SECURITY] Fedora 32 Update: guacamole-server-1.2.0-3.fc32
2021-01-04 01:18:06
[SECURITY] Fedora 33 Update: guacamole-server-1.2.0-3.fc33
2021-01-04 01:07:50
[SECURITY] Fedora 28 Update: guacamole-server-1.0.0-1.fc28
2019-03-12 21:45:05
debian
debian
[SECURITY] [DLA 2435-1] guacamole-server security update
2020-11-06 22:52:16
osv
osv
guacamole-server - security update
2020-11-05 00:00:00
CVE-2020-11997
2021-01-19 22:15:12
BIT-guacamole-2020-11997
2024-03-06 10:54:08
thn
thn
Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking
2020-07-02 09:59:00
prion
prion
Session fixation
2021-01-19 22:15:00
Memory corruption
2020-07-02 13:15:00
Design/Logic Flaw
2020-07-02 13:15:00
github
github
Incorrect Default Permissions in Apache Guacamole
2022-01-06 20:34:35
Missing Encryption of Sensitive Data in Apache Guacamole
2022-05-13 01:49:47
cvelist
cvelist
debiancve
debiancve
cve
cve
ubuntucve
ubuntucve
veracode
veracode
Arbitrary Code Execution
2020-07-03 04:52:18
Insecure Cookie Configuration
2019-07-10 04:47:32
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
50.3%
Related for OPENVAS:13614125623111020210272