Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20181105)

2018-11-2700:00:00

www.tenable.com

170

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7.5

Confidence

High

EPSS

0.008

Percentile

81.8%

JSON

This update upgrades Thunderbird to version 60.2.1.

Security Fix(es) :

Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376)
Mozilla: Use-after-free in driver timers (CVE-2018-12377)
Mozilla: Use-after-free in IndexedDB (CVE-2018-12378)
Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541)
Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)
Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385)
Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)

Note: All of the above issues cannot be exploited in Thunderbird by a specially crafted HTML mail, as JavaScript is disabled for mail messages and cannot be enabled. They could be exploited another way in Thunderbird, for example, when viewing the remote content of an RSS feed.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('compat.inc');

if (description)
{
  script_id(119208);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/18");

  script_cve_id(
    "CVE-2017-16541",
    "CVE-2018-12376",
    "CVE-2018-12377",
    "CVE-2018-12378",
    "CVE-2018-12379",
    "CVE-2018-12383",
    "CVE-2018-12385"
  );

  script_name(english:"Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20181105)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
  script_set_attribute(attribute:"description", value:
"This update upgrades Thunderbird to version 60.2.1.

Security Fix(es) :

  - Mozilla: Memory safety bugs fixed in Firefox 62 and
    Firefox ESR 60.2 (CVE-2018-12376)

  - Mozilla: Use-after-free in driver timers
    (CVE-2018-12377)

  - Mozilla: Use-after-free in IndexedDB (CVE-2018-12378)

  - Mozilla: Proxy bypass using automount and autofs
    (CVE-2017-16541)

  - Mozilla: Out-of-bounds write with malicious MAR file
    (CVE-2018-12379)

  - Mozilla: Crash in TransportSecurityInfo due to cached
    data (CVE-2018-12385)

  - Mozilla: Setting a master password post-Firefox 58 does
    not delete unencrypted previously stored passwords
    (CVE-2018-12383)

Note: All of the above issues cannot be exploited in Thunderbird by a
specially crafted HTML mail, as JavaScript is disabled for mail
messages and cannot be enabled. They could be exploited another way in
Thunderbird, for example, when viewing the remote content of an RSS
feed.");
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1811&L=scientific-linux-errata&F=&S=&P=2327
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b1c5dde2");
  script_set_attribute(attribute:"solution", value:
"Update the affected thunderbird and / or thunderbird-debuginfo
packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12378");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:thunderbird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Scientific Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"thunderbird-60.2.1-4.el7_5", allowmaj:TRUE)) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"thunderbird-debuginfo-60.2.1-4.el7_5", allowmaj:TRUE)) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "thunderbird / thunderbird-debuginfo");
}

VendorProductVersionCPE
fermilabscientific_linuxthunderbird-debuginfop-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux
fermilabscientific_linuxthunderbirdp-cpe:/a:fermilab:scientific_linux:thunderbird

Vendor	Product	Version	CPE
fermilab	scientific_linux	thunderbird-debuginfo	p-cpe:/a:fermilab:scientific_linux:thunderbird-debuginfo
fermilab	scientific_linux		x-cpe:/o:fermilab:scientific_linux
fermilab	scientific_linux	thunderbird	p-cpe:/a:fermilab:scientific_linux:thunderbird