Lucene search

K

Debian: Security Advisory (DSA-2114-1)

🗓️ 08 Mar 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 14 Views

The Debian DSA-2114-1 advisory fixes a regression in the 'git-core' package that caused issues while cloning or creating Git repositories due to a security update. Upgrade 'git-core' packages

Show more
Related
Refs
Code
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.1.1.2010.2114");
  script_cve_id("CVE-2010-2542");
  script_tag(name:"creation_date", value:"2023-03-08 12:56:44 +0000 (Wed, 08 Mar 2023)");
  script_version("2024-02-01T14:37:13+0000");
  script_tag(name:"last_modification", value:"2024-02-01 14:37:13 +0000 (Thu, 01 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_name("Debian: Security Advisory (DSA-2114-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB5");

  script_xref(name:"Advisory-ID", value:"DSA-2114-1");
  script_xref(name:"URL", value:"https://www.debian.org/security/2010/DSA-2114-1");
  script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-2114");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'git-core' package(s) announced via the DSA-2114-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"The Debian stable point release 5.0.6 included updated packages of the Git revision control system in order to fix a security issue. Unfortunately, the update introduced a regression which could make it impossible to clone or create Git repositories. This upgrade fixes this regression, which is tracked as Debian bug #595728.

The original security issue allowed an attacker to execute arbitrary code if he could trick a local user to execute a git command in a crafted working directory (CVE-2010-2542).

For the stable distribution (lenny), this problem has been fixed in version 1.5.6.5-3+lenny3.2.

The packages for the hppa architecture are not included in this advisory. However, the hppa architecture is not known to be affected by the regression.

For the testing distribution (squeeze) and the unstable distribution (sid), the security issue has been fixed in version 1.7.1-1.1. These distributions were not affected by the regression.

We recommend that you upgrade your git-core packages.");

  script_tag(name:"affected", value:"'git-core' package(s) on Debian 5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB5") {

  if(!isnull(res = isdpkgvuln(pkg:"git-arch", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"git-core", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"git-core", ver:"1:1.5.6.5-3+lenny3.1+b1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"git-cvs", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"git-daemon-run", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"git-doc", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"git-email", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"git-gui", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"git-svn", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"gitk", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"gitweb", ver:"1:1.5.6.5-3+lenny3.1", rls:"DEB5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
08 Mar 2023 00:00Current
6.6Medium risk
Vulners AI Score6.6
EPSS0.003
14
.json
Report