Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : devscripts vulnerabilities (USN-1593-1)

2012-10-0300:00:00

www.tenable.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.06

Percentile

93.5%

JSON

Raphael Geissert discovered that the debdiff.pl tool incorrectly handled shell metacharacters. If a user or automated system were tricked into processing a specially crafted filename, a remote attacker could possibly execute arbitrary code. (CVE-2012-0212)

Raphael Geissert discovered that the dscverify tool incorrectly escaped arguments to external commands. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code. (CVE-2012-2240)

Raphael Geissert discovered that the dget tool incorrectly performed input validation. If a user or automated system were tricked into processing specially crafted files, a remote attacker could delete arbitrary files. (CVE-2012-2241)

Raphael Geissert discovered that the dget tool incorrectly escaped arguments to external commands. If a user or automated system were tricked into processing specially crafted files, a remote attacker could possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS and Ubuntu 11.04. (CVE-2012-2242)

Jim Meyering discovered that the annotate-output tool incorrectly handled temporary files. A local attacker could use this flaw to alter files being processed by the annotate-output tool. On Ubuntu 11.04 and later, this issue was mitigated by the Yama kernel symlink restrictions. (CVE-2012-3500).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1593-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(62411);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/19 12:54:28");

  script_cve_id("CVE-2012-0212", "CVE-2012-2240", "CVE-2012-2241", "CVE-2012-2242", "CVE-2012-3500");
  script_bugtraq_id(52029, 55358, 55564);
  script_xref(name:"USN", value:"1593-1");

  script_name(english:"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : devscripts vulnerabilities (USN-1593-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Raphael Geissert discovered that the debdiff.pl tool incorrectly
handled shell metacharacters. If a user or automated system were
tricked into processing a specially crafted filename, a remote
attacker could possibly execute arbitrary code. (CVE-2012-0212)

Raphael Geissert discovered that the dscverify tool incorrectly
escaped arguments to external commands. If a user or automated system
were tricked into processing specially crafted files, a remote
attacker could possibly execute arbitrary code. (CVE-2012-2240)

Raphael Geissert discovered that the dget tool incorrectly performed
input validation. If a user or automated system were tricked into
processing specially crafted files, a remote attacker could delete
arbitrary files. (CVE-2012-2241)

Raphael Geissert discovered that the dget tool incorrectly escaped
arguments to external commands. If a user or automated system were
tricked into processing specially crafted files, a remote attacker
could possibly execute arbitrary code. This issue only affected Ubuntu
10.04 LTS and Ubuntu 11.04. (CVE-2012-2242)

Jim Meyering discovered that the annotate-output tool incorrectly
handled temporary files. A local attacker could use this flaw to alter
files being processed by the annotate-output tool. On Ubuntu 11.04 and
later, this issue was mitigated by the Yama kernel symlink
restrictions. (CVE-2012-3500).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1593-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected devscripts package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:devscripts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"devscripts", pkgver:"2.10.61ubuntu5.3")) flag++;
if (ubuntu_check(osver:"11.04", pkgname:"devscripts", pkgver:"2.10.69ubuntu2.2")) flag++;
if (ubuntu_check(osver:"11.10", pkgname:"devscripts", pkgver:"2.11.1ubuntu3.2")) flag++;
if (ubuntu_check(osver:"12.04", pkgname:"devscripts", pkgver:"2.11.6ubuntu1.4")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "devscripts");
}