Debian DLA-2760-1 : nettle - LTS security update

2021-09-1900:00:00

www.tenable.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.011 Low

EPSS

Percentile

84.2%

JSON

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2760 advisory.

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)
A flaw was found in the way nettle’s RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. (CVE-2021-3580)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-2760. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(153482);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/19");

  script_cve_id("CVE-2021-3580", "CVE-2021-20305");

  script_name(english:"Debian DLA-2760-1 : nettle - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-2760 advisory.

  - A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions
    (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being
    called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to
    force an invalid signature, causing an assertion failure or possible validation. The highest threat to
    this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-20305)

  - A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An
    attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial
    of service. (CVE-2021-3580)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985652");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/nettle");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2021/dla-2760");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-20305");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2021-3580");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/nettle");
  script_set_attribute(attribute:"solution", value:
"Upgrade the nettle packages.

For Debian 9 stretch, these problems have been fixed in version 3.3-1+deb9u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20305");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libhogweed4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnettle6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nettle-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nettle-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nettle-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('audit.inc');
include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(9)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '9.0', 'prefix': 'libhogweed4', 'reference': '3.3-1+deb9u1'},
    {'release': '9.0', 'prefix': 'libnettle6', 'reference': '3.3-1+deb9u1'},
    {'release': '9.0', 'prefix': 'nettle-bin', 'reference': '3.3-1+deb9u1'},
    {'release': '9.0', 'prefix': 'nettle-dbg', 'reference': '3.3-1+deb9u1'},
    {'release': '9.0', 'prefix': 'nettle-dev', 'reference': '3.3-1+deb9u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (release && prefix && reference) {
    if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libhogweed4 / libnettle6 / nettle-bin / nettle-dbg / nettle-dev');
}

VendorProductVersionCPE
debiandebian_linuxlibhogweed4p-cpe:/a:debian:debian_linux:libhogweed4
debiandebian_linuxlibnettle6p-cpe:/a:debian:debian_linux:libnettle6
debiandebian_linuxnettle-binp-cpe:/a:debian:debian_linux:nettle-bin
debiandebian_linuxnettle-dbgp-cpe:/a:debian:debian_linux:nettle-dbg
debiandebian_linuxnettle-devp-cpe:/a:debian:debian_linux:nettle-dev
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0

Vendor	Product	Version	CPE
debian	debian_linux	libhogweed4	p-cpe:/a:debian:debian_linux:libhogweed4
debian	debian_linux	libnettle6	p-cpe:/a:debian:debian_linux:libnettle6
debian	debian_linux	nettle-bin	p-cpe:/a:debian:debian_linux:nettle-bin
debian	debian_linux	nettle-dbg	p-cpe:/a:debian:debian_linux:nettle-dbg
debian	debian_linux	nettle-dev	p-cpe:/a:debian:debian_linux:nettle-dev
debian	debian_linux	9.0	cpe:/o:debian:debian_linux:9.0