CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
98.4%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.885211");
script_cve_id("CVE-2023-39456", "CVE-2023-41752", "CVE-2023-44487");
script_tag(name:"creation_date", value:"2023-11-05 02:21:12 +0000 (Sun, 05 Nov 2023)");
script_version("2024-09-13T05:05:46+0000");
script_tag(name:"last_modification", value:"2024-09-13 05:05:46 +0000 (Fri, 13 Sep 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-10-13 19:32:37 +0000 (Fri, 13 Oct 2023)");
script_name("Fedora: Security Advisory (FEDORA-2023-1caffb88af)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC39");
script_xref(name:"Advisory-ID", value:"FEDORA-2023-1caffb88af");
script_xref(name:"URL", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-1caffb88af");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2242988");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2243251");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2243252");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245107");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245110");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245141");
script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245142");
script_tag(name:"summary", value:"The remote host is missing an update for the 'trafficserver' package(s) announced via the FEDORA-2023-1caffb88af advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Update to upstream 9.2.3
Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456");
script_tag(name:"affected", value:"'trafficserver' package(s) on Fedora 39.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "FC39") {
if(!isnull(res = isrpmvuln(pkg:"trafficserver", rpm:"trafficserver~9.2.3~1.fc39", rls:"FC39"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"trafficserver-debuginfo", rpm:"trafficserver-debuginfo~9.2.3~1.fc39", rls:"FC39"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"trafficserver-debugsource", rpm:"trafficserver-debugsource~9.2.3~1.fc39", rls:"FC39"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"trafficserver-devel", rpm:"trafficserver-devel~9.2.3~1.fc39", rls:"FC39"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"trafficserver-perl", rpm:"trafficserver-perl~9.2.3~1.fc39", rls:"FC39"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"trafficserver-selinux", rpm:"trafficserver-selinux~9.2.3~1.fc39", rls:"FC39"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
FEDORA-2023-1caffb88af
bodhi.fedoraproject.org/updates/FEDORA-2023-1caffb88af
bugzilla.redhat.com/show_bug.cgi?id=2242988
bugzilla.redhat.com/show_bug.cgi?id=2243251
bugzilla.redhat.com/show_bug.cgi?id=2243252
bugzilla.redhat.com/show_bug.cgi?id=2245107
bugzilla.redhat.com/show_bug.cgi?id=2245110
bugzilla.redhat.com/show_bug.cgi?id=2245141
bugzilla.redhat.com/show_bug.cgi?id=2245142
www.cisa.gov/known-exploited-vulnerabilities-catalog
Known Exploited Vulnerability (KEV) catalog
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
98.4%