GlobalSCAPE EFT Recursive Deflate Stream DoS (CVE-2023-2990)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(177841);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/06");

  script_cve_id("CVE-2023-2990");
  script_xref(name:"IAVB", value:"2023-B-0045");

  script_name(english:"GlobalSCAPE EFT Recursive Deflate Stream DoS (CVE-2023-2990)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a FTP server installed that is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of GlobalSCAPE EFT installed on the remote host is 8.0.x prior to 8.0.0.38. A denial of service (DoS)
vulnerability exists due to improper handling of a recursively compressed packet. An unauthenticated, remote attacker can
exploit this issue, via specially crafted packeet, to cause the process to stop responding.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://kb.globalscape.com/Knowledgebase/11588/Is-EFT-susceptible-to-the-Denial-of-service-via-recursive-Deflate-Stream-vulnerability
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e3171f5");
  script_set_attribute(attribute:"solution", value:
"Upgrade to GlobalSCAPE EFT 8.1.0.16 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-2990");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:globalscape:eft_server");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"FTP");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("globalscapeftp_detect.nbin");
  script_require_ports("installed_sw/Globalscape FTP", "Services/ftp", 21);

  exit(0);
}
include('ftp_func.inc');
include('vcf.inc');

var app = 'Globalscape FTP';

var port = get_ftp_port(default: 21);

var app_info = vcf::get_app_info(app:app, port:port, kb_ver:'installed_sw/'+port+'/'+app+'/service/tcp/FTP/version', service:TRUE);

vcf::check_granularity(app_info:app_info, sig_segments:3);

vcf::check_all_backporting(app_info:app_info);

var constraints = [
  { 'min_version' : '8.0', 'max_version' : '8.0.0.38', 'fixed_version' : '8.1.0.16' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);