Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2023-0405-1.NASLHistoryDec 17, 2023 - 12:00 a.m.
openSUSE 15 Security Update : fish (openSUSE-SU-2023:0405-1)
2023-12-1700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
opensuse 15
security update
fish
vulnerability
unicode non-characters
command line shell
denial of service
information disclosure
upgrade
cve-2023-49284
nessus
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
7.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.0%
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2023:0405-1 advisory.
- fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-49284)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2023:0405-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(187042);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/17");
script_cve_id("CVE-2023-49284");
script_name(english:"openSUSE 15 Security Update : fish (openSUSE-SU-2023:0405-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-
SU-2023:0405-1 advisory.
- fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish
shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will
incorrectly allow these markers to be read on command substitution output, rather than transforming them
into a safe internal representation. While this may cause unexpected behavior with direct input (for
example, echo \UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if
the output is being fed from an external program into a command substitution where this output may not be
expected. This design flaw was introduced in very early versions of fish, predating the version control
system, and is thought to be present in every version of fish released in the last 15 years or more,
although with different characters. Code execution does not appear to be possible, but denial of service
(through large brace expansion) or information disclosure (such as variable expansion) is potentially
possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are
advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-49284)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1217808");
# https://lists.opensuse.org/archives/list/[email protected]/thread/S6BKN7QOVK7LIAFEI3YVTBXDS7YGI6B3/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0fa69ed8");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-49284");
script_set_attribute(attribute:"solution", value:
"Update the affected fish and / or fish-devel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-49284");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/12/05");
script_set_attribute(attribute:"patch_publication_date", value:"2023/12/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/12/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:fish");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:fish-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.5");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/SuSE/release');
if (isnull(os_release) || os_release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var _os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:os_release);
if (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
_os_ver = _os_ver[1];
if (os_release !~ "^(SUSE15\.5)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.5', os_release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);
var pkgs = [
{'reference':'fish-3.3.1-bp155.4.3.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fish-devel-3.3.1-bp155.4.3.1', 'release':'SUSE15.5', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var _cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (rpm_check(release:_release, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fish / fish-devel');
}
Related
mageia
mageia
Updated fish packages fix a security vulnerability
2023-12-13 00:19:08
cbl_mariner
cbl_mariner
CVE-2023-49284 affecting package fish for versions less than 3.6.2-1
2024-01-14 22:46:30
nvd
nvd
CVE-2023-49284
2023-12-05 00:15:08
cve
cve
CVE-2023-49284
2023-12-05 00:15:08
osv
osv
CVE-2023-49284
2023-12-05 00:15:08
cvelist
cvelist
alpinelinux
alpinelinux
CVE-2023-49284
2023-12-05 00:15:08
veracode
veracode
Denial Of Service
2023-12-25 14:03:42
nessus
nessus
openSUSE 15 Security Update : fish (openSUSE-SU-2023:0404-1)
2023-12-17 00:00:00
prion
prion
Information disclosure
2023-12-05 00:15:00
debiancve
debiancve
CVE-2023-49284
2023-12-05 00:15:08
ubuntucve
ubuntucve
CVE-2023-49284
2023-12-05 00:00:00
openvas
openvas
openSUSE: Security Advisory for fish (openSUSE-SU-2023:0404-1)
2024-03-04 00:00:00
Mageia: Security Advisory (MGASA-2023-0344)
2023-12-13 00:00:00
6.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
7.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.0%
Related for OPENSUSE-2023-0405-1.NASL