Lucene search

HistoryJan 28, 2022 - 12:00 a.m.

Mageia: Security Advisory (MGASA-2020-0100)

2022-01-2800:00:00

plugins.openvas.org

mageia 7

radare2

radare2-cutter

cve-2019-19590

cve-2019-19647

remote attackers

denial of service

arbitrary code execution

vulnerability

security advisory

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.024

Percentile

89.9%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2020.0100");
  script_cve_id("CVE-2019-19590", "CVE-2019-19647");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-12-13 21:17:02 +0000 (Fri, 13 Dec 2019)");

  script_name("Mageia: Security Advisory (MGASA-2020-0100)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA7");

  script_xref(name:"Advisory-ID", value:"MGASA-2020-0100");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2020-0100.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=26232");
  script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/DUW4XXPI6XCI2G4X22EP3TKU2APLQ5XD/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'radare2, radare2-cutter' package(s) announced via the MGASA-2020-0100 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Updated radare2 packages fix security vulnerabilities:

A vulnerability was found in radare2 through 4.0, there is an integer
overflow for the variable new_token_size in the function r_asm_massemble
at libr/asm/asm.c. This integer overflow will result in a Use-After-Free
for the buffer tokens, which can be filled with arbitrary malicious data
after the free. This allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via crafted input
(CVE-2019-19590).

radare2 through 4.0.0 lacks validation of the content variable in the
function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an
arbitrary write. This allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via crafted
input (CVE-2019-19647).

The radare2 package has been updated to version 4.2.1, fixing these issues
and other bugs.

Also, the radare2-cutter package has been updated to version 1.10.1.");

  script_tag(name:"affected", value:"'radare2, radare2-cutter' package(s) on Mageia 7.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA7") {

  if(!isnull(res = isrpmvuln(pkg:"lib64radare2-devel", rpm:"lib64radare2-devel~4.2.1~1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"lib64radare2_4.2.1", rpm:"lib64radare2_4.2.1~4.2.1~1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libradare2-devel", rpm:"libradare2-devel~4.2.1~1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libradare2_4.2.1", rpm:"libradare2_4.2.1~4.2.1~1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"radare2", rpm:"radare2~4.2.1~1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"radare2-cutter", rpm:"radare2-cutter~1.10.1~1.mga7", rls:"MAGEIA7"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);