9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.0%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2024.0217");
script_cve_id("CVE-2024-24789", "CVE-2024-24790");
script_tag(name:"creation_date", value:"2024-06-14 04:11:18 +0000 (Fri, 14 Jun 2024)");
script_version("2024-06-19T05:05:42+0000");
script_tag(name:"last_modification", value:"2024-06-19 05:05:42 +0000 (Wed, 19 Jun 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2024-06-18 17:59:12 +0000 (Tue, 18 Jun 2024)");
script_name("Mageia: Security Advisory (MGASA-2024-0217)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA9");
script_xref(name:"Advisory-ID", value:"MGASA-2024-0217");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2024-0217.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=33269");
script_xref(name:"URL", value:"https://www.openwall.com/lists/oss-security/2024/06/04/1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'golang' package(s) announced via the MGASA-2024-0217 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The archive/zip package's handling of certain types of invalid zip files
differs from the behavior of most zip implementations. This misalignment
could be exploited to create an zip file with contents that vary
depending on the implementation reading the file. The archive/zip
package now rejects files containing these errors. (CVE-2024-24789)
The various Is methods (IsPrivate, IsLoopback, etc) did not work as
expected for IPv4-mapped IPv6 addresses, returning false for addresses
which would return true in their traditional IPv4 forms.
(CVE-2024-24790)");
script_tag(name:"affected", value:"'golang' package(s) on Mageia 9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA9") {
if(!isnull(res = isrpmvuln(pkg:"golang", rpm:"golang~1.21.11~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"golang-bin", rpm:"golang-bin~1.21.11~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"golang-docs", rpm:"golang-docs~1.21.11~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"golang-misc", rpm:"golang-misc~1.21.11~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"golang-shared", rpm:"golang-shared~1.21.11~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"golang-src", rpm:"golang-src~1.21.11~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"golang-tests", rpm:"golang-tests~1.21.11~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.0%