Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2936.NASL
HistoryMar 21, 2022 - 12:00 a.m.

Debian DLA-2936-1 : libgit2 - LTS security update

2022-03-2100:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.087 Low

EPSS

Percentile

94.6%

JSON

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2936 advisory.

  • A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. (CVE-2018-10887)

  • A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. (CVE-2018-10888)

  • In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol ng packet that lacks a ‘\0’ byte to trigger an out-of-bounds read that leads to DoS. (CVE-2018-15501)

  • Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. (CVE-2018-8098)

  • Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. (CVE-2018-8099)

  • A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka ‘Git for Visual Studio Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1352)

  • An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as WSL) while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
    (CVE-2019-1353)

  • An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. (CVE-2020-12278)

  • An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. (CVE-2020-12279)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-2936. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159090);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/03");

  script_cve_id(
    "CVE-2018-8098",
    "CVE-2018-8099",
    "CVE-2018-10887",
    "CVE-2018-10888",
    "CVE-2018-15501",
    "CVE-2019-1352",
    "CVE-2019-1353",
    "CVE-2020-12278",
    "CVE-2020-12279"
  );
  script_xref(name:"IAVA", value:"2019-A-0454-S");

  script_name(english:"Debian DLA-2936-1 : libgit2 - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-2936 advisory.

  - A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign
    extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads
    to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak
    memory addresses or cause a Denial of Service. (CVE-2018-10887)

  - A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c
    file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to
    cause a Denial of Service. (CVE-2018-10888)

  - In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker
    can send a crafted smart-protocol ng packet that lacks a '\0' byte to trigger an out-of-bounds read that
    leads to DoS. (CVE-2018-15501)

  - Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in
    libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted
    repository index file. (CVE-2018-8098)

  - Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in
    libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository
    index file. (CVE-2018-8099)

  - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka
    'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349,
    CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. (CVE-2019-1352)

  - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
    v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as WSL)
    while accessing a working directory on a regular Windows drive, none of the NTFS protections were active.
    (CVE-2019-1353)

  - An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent
    filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when
    cloning a repository. This issue is similar to CVE-2019-1352. (CVE-2020-12278)

  - An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent
    filenames that exist because of NTFS short names. This may allow remote code execution when cloning a
    repository. This issue is similar to CVE-2019-1353. (CVE-2020-12279)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892961");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/libgit2");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2022/dla-2936");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-10887");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-10888");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-15501");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-8098");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-8099");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-1352");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2019-1353");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-12278");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2020-12279");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/libgit2");
  script_set_attribute(attribute:"solution", value:
"Upgrade the libgit2 packages.

For Debian 9 stretch, these problems have been fixed in version 0.25.1+really0.24.6-1+deb9u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1352");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-12279");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgit2-24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgit2-dev");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('audit.inc');
include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var release = get_kb_item('Host/Debian/release');
if ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');
var release = chomp(release);
if (! preg(pattern:"^(9)\.[0-9]+", string:release)) audit(AUDIT_OS_NOT, 'Debian 9.0', 'Debian ' + release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '9.0', 'prefix': 'libgit2-24', 'reference': '0.25.1+really0.24.6-1+deb9u1'},
    {'release': '9.0', 'prefix': 'libgit2-dev', 'reference': '0.25.1+really0.24.6-1+deb9u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (release && prefix && reference) {
    if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libgit2-24 / libgit2-dev');
}
VendorProductVersionCPE
debiandebian_linuxlibgit2-24p-cpe:/a:debian:debian_linux:libgit2-24
debiandebian_linuxlibgit2-devp-cpe:/a:debian:debian_linux:libgit2-dev
debiandebian_linux9.0cpe:/o:debian:debian_linux:9.0

References

Related

debian 6
openvas 32
osv 15
cvelist 9
redhatcve 8
ubuntucve 8
nvd 9
debiancve 9
cve 9
prion 9
alpinelinux 5
nessus 43
suse 4
fedora 12
oraclelinux 1
kaspersky 1
cloudfoundry 1
amazon 3
altlinux 2
gentoo 2
ubuntu 2
freebsd 1
qualysblog 1
archlinux 2
redhat 3
threatpost 1
mageia 1
debian
debian
[SECURITY] [DLA 2936-1] libgit2 security update
2022-03-21 00:39:43
[SECURITY] [DLA 1477-1] libgit2 security update
2018-08-25 21:27:14
[SECURITY] [DLA 2059-1] git security update
2020-01-23 14:27:34
openvas
openvas
Debian: Security Advisory (DLA-2936-1)
2022-03-21 00:00:00
Huawei EulerOS: Security Advisory for libgit2 (EulerOS-SA-2020-1861)
2020-08-31 00:00:00
openSUSE: Security Advisory for libgit2 (openSUSE-SU-2018:3519-1)
2018-10-27 00:00:00
osv
osv
libgit2 - security update
2022-03-07 00:00:00
CVE-2019-1349
2020-01-24 21:15:12
CVE-2019-1354
2020-01-24 21:15:12
cvelist
cvelist
CVE-2019-1350
2020-01-24 20:50:25
CVE-2019-1354
2020-01-24 20:50:26
CVE-2019-1352
2020-01-24 20:50:26
redhatcve
redhatcve
CVE-2019-1350
2019-12-11 00:21:07
CVE-2019-1354
2019-12-11 00:51:03
CVE-2019-1352
2019-12-11 00:50:56
ubuntucve
ubuntucve
CVE-2019-1350
2019-12-10 00:00:00
CVE-2019-1352
2019-12-10 00:00:00
CVE-2019-1349
2019-12-10 00:00:00
nvd
nvd
CVE-2019-1350
2020-01-24 21:15:12
CVE-2019-1352
2020-01-24 21:15:12
CVE-2019-1354
2020-01-24 21:15:12
debiancve
debiancve
CVE-2019-1350
2020-01-24 21:15:12
CVE-2019-1352
2020-01-24 21:15:12
CVE-2019-1354
2020-01-24 21:15:12
cve
cve
CVE-2019-1350
2020-01-24 21:15:12
CVE-2019-1352
2020-01-24 21:15:12
CVE-2019-1354
2020-01-24 21:15:12
prion
prion
Remote code execution
2020-01-24 21:15:00
Remote code execution
2020-01-24 21:15:00
Remote code execution
2020-01-24 21:15:00
alpinelinux
alpinelinux
CVE-2019-1354
2020-01-24 21:15:12
CVE-2019-1349
2020-01-24 21:15:12
CVE-2019-1352
2020-01-24 21:15:12
nessus
nessus
EulerOS 2.0 SP8 : libgit2 (EulerOS-SA-2020-1861)
2020-08-28 00:00:00
Debian DLA-1477-1 : libgit2 security update
2018-08-28 00:00:00
openSUSE Security Update : libgit2 (openSUSE-2018-1314)
2018-10-29 00:00:00
suse
suse
Security update for libgit2 (moderate)
2018-10-27 00:24:13
Security update for libgit2 (important)
2018-08-25 00:07:49
Security update for git (important)
2020-01-29 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: libgit2-0.28.4-1.fc31
2019-12-17 01:46:03
[SECURITY] Fedora 30 Update: git-2.21.1-1.fc30
2020-01-04 22:16:13
[SECURITY] Fedora 31 Update: git-2.24.1-1.fc31
2019-12-18 01:56:26
oraclelinux
oraclelinux
git security update
2019-12-19 00:00:00
kaspersky
kaspersky
KLA11618 Multiple vulnerabilities in Microsoft Developer Tools
2019-12-10 00:00:00
cloudfoundry
cloudfoundry
USN-4220-1: Git vulnerabilities | Cloud Foundry
2019-12-18 00:00:00
amazon
amazon
Important: git
2019-12-13 19:06:00
Important: git
2019-12-09 22:06:00
Important: git
2023-02-17 00:11:00
altlinux
altlinux
Security fix for the ALT Linux 10 package git version 2.24.1-alt1
2019-12-08 00:00:00
Security fix for the ALT Linux 8 package git version 2.24.1-alt1
2019-12-12 00:00:00
gentoo
gentoo
Git: Multiple vulnerabilities
2020-03-15 00:00:00
libgit2: Multiple vulnerabilities
2020-03-19 00:00:00
ubuntu
ubuntu
Git vulnerabilities
2019-12-10 00:00:00
libgit2 vulnerabilities
2024-03-05 00:00:00
freebsd
freebsd
Libgit2 -- multiple vulnerabilities
2018-07-09 00:00:00
qualysblog
qualysblog
December 2019 Patch Tuesday – 36 Vulns, 7 Critical, Actively Attacked Win32k vuln, Adobe vulns
2019-12-10 19:04:23
archlinux
archlinux
[ASA-201912-5] libgit2: arbitrary code execution
2019-12-18 00:00:00
[ASA-201912-6] git: arbitrary code execution
2019-12-18 00:00:00
redhat
redhat
(RHSA-2020:0002) Important: rh-git218-git security update
2020-01-02 08:21:54
(RHSA-2019:4356) Important: git security update
2019-12-19 18:18:24
(RHSA-2020:0228) Important: git security update
2020-01-27 08:04:40
threatpost
threatpost
Microsoft Zaps Actively Exploited Zero-Day Bug
2019-12-10 21:21:24
mageia
mageia
Updated libgit2 packages fix security vulnerabilities
2019-12-15 21:03:05

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.087 Low

EPSS

Percentile

94.6%

JSON
Related for DEBIAN_DLA-2936.NASL
debian6openvas32osv15cvelist9redhatcve8ubuntucve8nvd9debiancve9cve9prion9alpinelinux5nessus43suse4fedora12oraclelinux1kaspersky1cloudfoundry1amazon3altlinux2gentoo2ubuntu2freebsd1qualysblog1archlinux2redhat3threatpost1mageia1