Mageia: Security Advisory (MGASA-2022-0236)

2022-06-2000:00:00

plugins.openvas.org

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.1 Medium

AI Score

Confidence

Low

0.733 High

EPSS

Percentile

98.1%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2022.0236");
  script_cve_id("CVE-2021-36045", "CVE-2021-36046", "CVE-2021-36047", "CVE-2021-36048", "CVE-2021-36050", "CVE-2021-36051", "CVE-2021-36052", "CVE-2021-36053", "CVE-2021-36054", "CVE-2021-36055", "CVE-2021-36056", "CVE-2021-36058", "CVE-2021-36064", "CVE-2021-39847", "CVE-2021-40716", "CVE-2021-40732", "CVE-2021-42528", "CVE-2021-42529", "CVE-2021-42530", "CVE-2021-42531", "CVE-2021-42532");
  script_tag(name:"creation_date", value:"2022-06-20 04:29:41 +0000 (Mon, 20 Jun 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-05-11 00:36:37 +0000 (Wed, 11 May 2022)");

  script_name("Mageia: Security Advisory (MGASA-2022-0236)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA8");

  script_xref(name:"Advisory-ID", value:"MGASA-2022-0236");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2022-0236.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=30557");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-5483-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'exempi' package(s) announced via the MGASA-2022-0236 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an
out-of-bounds read vulnerability that could lead to disclosure of
arbitrary memory. An attacker could leverage this vulnerability to bypass
mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file. (CVE-2021-36045)

XMP Toolkit version 2020.1 (and earlier) is affected by a memory
corruption vulnerability, potentially resulting in arbitrary code
execution in the context of the current user. User interaction is required
to exploit this vulnerability. (CVE-2021-36046)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper
Input Validation vulnerability potentially resulting in arbitrary code
execution in the context of the current user. Exploitation requires user
interaction in that a victim must open a crafted file. (CVE-2021-36047)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper
Input Validation vulnerability potentially resulting in arbitrary code
execution in the context of the current user. Exploitation requires user
interaction in that a victim must open a crafted file. (CVE-2021-36048)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer
overflow vulnerability potentially resulting in arbitrary code execution
in the context of the current user. Exploitation requires user interaction
in that a victim must open a crafted file. (CVE-2021-36050)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer
overflow vulnerability potentially resulting in arbitrary code execution
in the context of the current user. Exploitation requires user interaction
in that a victim must open a specially-crafted .cpp file. (CVE-2021-36051)

XMP Toolkit version 2020.1 (and earlier) is affected by a memory
corruption vulnerability, potentially resulting in arbitrary code
execution in the context of the current user. User interaction is required
to exploit this vulnerability. (CVE-2021-36052)

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an
out-of-bounds read vulnerability that could lead to disclosure of
arbitrary memory. An attacker could leverage this vulnerability to bypass
mitigations such as ASLR. Exploitation of this issue requires user
interaction in that a victim must open a malicious file. (CVE-2021-36053)

XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer
overflow vulnerability potentially resulting in local application denial
of service in the context of the current user. Exploitation requires user
interaction in that a victim must open a crafted file. (CVE-2021-36054)

XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a
use-after-free vulnerability that could result in arbitrary code execution
in the context of the current user. Exploitation of this issue requires
user interaction in that a victim must open a malicious ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'exempi' package(s) on Mageia 8.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA8") {

  if(!isnull(res = isrpmvuln(pkg:"exempi", rpm:"exempi~2.5.1~2.1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"lib64exempi-devel", rpm:"lib64exempi-devel~2.5.1~2.1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"lib64exempi8", rpm:"lib64exempi8~2.5.1~2.1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libexempi-devel", rpm:"libexempi-devel~2.5.1~2.1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libexempi8", rpm:"libexempi8~2.5.1~2.1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);