Debian DLA-3675-1 : zbar - LTS security update

2023-12-0400:00:00

www.tenable.com

debian

zbar

lts

security update

heap-based buffer overflow

stack-based buffer overflow

cve-2023-40889

cve-2023-40890

nessus

vulnerability

information disclosure

arbitrary code execution

qr codes

scanner

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.003

Percentile

69.3%

JSON

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3675 advisory.

A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. (CVE-2023-40889)
A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90.
Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. (CVE-2023-40890)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-3675. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(186540);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/04");

  script_cve_id("CVE-2023-40889", "CVE-2023-40890");

  script_name(english:"Debian DLA-3675-1 : zbar - LTS security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-3675 advisory.

  - A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially
    crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this
    vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically
    scanned by the vulnerable scanner. (CVE-2023-40889)

  - A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90.
    Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger
    this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically
    scanned by the vulnerable scanner. (CVE-2023-40890)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051724");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/zbar");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/lts/security/2023/dla-3675");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-40889");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-40890");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/zbar");
  script_set_attribute(attribute:"solution", value:
"Upgrade the zbar packages.

For Debian 10 buster, these problems have been fixed in version 0.22-1+deb10u1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-40890");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/12/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbarcode-zbar-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libzbar-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libzbar0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libzbargtk-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libzbargtk0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-zbar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-zbarpygtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zbar-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(10)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '10.0', 'prefix': 'libbarcode-zbar-perl', 'reference': '0.22-1+deb10u1'},
    {'release': '10.0', 'prefix': 'libzbar-dev', 'reference': '0.22-1+deb10u1'},
    {'release': '10.0', 'prefix': 'libzbar0', 'reference': '0.22-1+deb10u1'},
    {'release': '10.0', 'prefix': 'libzbargtk-dev', 'reference': '0.22-1+deb10u1'},
    {'release': '10.0', 'prefix': 'libzbargtk0', 'reference': '0.22-1+deb10u1'},
    {'release': '10.0', 'prefix': 'python-zbar', 'reference': '0.22-1+deb10u1'},
    {'release': '10.0', 'prefix': 'python-zbarpygtk', 'reference': '0.22-1+deb10u1'},
    {'release': '10.0', 'prefix': 'zbar-tools', 'reference': '0.22-1+deb10u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libbarcode-zbar-perl / libzbar-dev / libzbar0 / libzbargtk-dev / etc');
}