Lucene search

HistoryMar 31, 2023 - 12:00 a.m.

Mageia: Security Advisory (MGASA-2023-0117)

2023-03-3100:00:00

plugins.openvas.org

mageia

snort

security advisory

cisco

http

tcp fast open

cve-2020-3299

cve-2020-3315

cve-2021-1223

vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.004

Percentile

74.2%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2023.0117");
  script_cve_id("CVE-2020-3299", "CVE-2020-3315", "CVE-2021-1223", "CVE-2021-1224", "CVE-2021-1236", "CVE-2021-1494", "CVE-2021-1495", "CVE-2021-34749", "CVE-2021-40114");
  script_tag(name:"creation_date", value:"2023-03-31 04:15:06 +0000 (Fri, 31 Mar 2023)");
  script_version("2024-02-02T05:06:10+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-10-29 13:15:39 +0000 (Fri, 29 Oct 2021)");

  script_name("Mageia: Security Advisory (MGASA-2023-0117)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA8");

  script_xref(name:"Advisory-ID", value:"MGASA-2023-0117");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2023-0117.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=27741");
  script_xref(name:"URL", value:"https://www.debian.org/lts/security/2023/dla-3317");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'snort' package(s) announced via the MGASA-2023-0117 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Multiple Cisco products are affected by a vulnerability in the Snort
detection engine that could allow an unauthenticated, remote attacker to
bypass a configured File Policy for HTTP. The vulnerability is due to
incorrect detection of modified HTTP packets used in chunked responses. An
attacker could exploit this vulnerability by sending crafted HTTP packets
through an affected device. A successful exploit could allow the attacker
to bypass a configured File Policy for HTTP packets and deliver a
malicious payload. (CVE-2020-3299)

Multiple Cisco products are affected by a vulnerability in the Snort
detection engine that could allow an unauthenticated, remote attacker to
bypass the configured file policies on an affected system. The
vulnerability is due to errors in how the Snort detection engine handles
specific HTTP responses. An attacker could exploit this vulnerability by
sending crafted HTTP packets that would flow through an affected system. A
successful exploit could allow the attacker to bypass the configured file
policies and deliver a malicious payload to the protected network.
(CVE-2020-3315)

Multiple Cisco products are affected by a vulnerability in the Snort
detection engine that could allow an unauthenticated, remote attacker to
bypass a configured file policy for HTTP. The vulnerability is due to
incorrect handling of an HTTP range header. An attacker could exploit this
vulnerability by sending crafted HTTP packets through an affected device.
A successful exploit could allow the attacker to bypass configured file
policy for HTTP packets and deliver a malicious payload. (CVE-2021-1223)

Multiple Cisco products are affected by a vulnerability with TCP Fast Open
(TFO) when used in conjunction with the Snort detection engine that could
allow an unauthenticated, remote attacker to bypass a configured file
policy for HTTP. The vulnerability is due to incorrect detection of the
HTTP payload if it is contained at least partially within the TFO
connection handshake. An attacker could exploit this vulnerability by
sending crafted TFO packets with an HTTP payload through an affected
device. A successful exploit could allow the attacker to bypass
configured file policy for HTTP packets and deliver a malicious payload.
(CVE-2021-1224)

Multiple Cisco products are affected by a vulnerability in the Snort
application detection engine that could allow an unauthenticated, remote
attacker to bypass the configured policies on an affected system. The
vulnerability is due to a flaw in the detection algorithm. An attacker
could exploit this vulnerability by sending crafted packets that would
flow through an affected system. A successful exploit could allow the
attacker to bypass the configured policies and deliver a malicious
payload to the protected network. (CVE-2021-1236)

Multiple Cisco products are affected by vulnerabilities in the Snort
detection engine that could allow ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'snort' package(s) on Mageia 8.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA8") {

  if(!isnull(res = isrpmvuln(pkg:"snort", rpm:"snort~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-bloat", rpm:"snort-bloat~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-devel", rpm:"snort-devel~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-inline+flexresp", rpm:"snort-inline+flexresp~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-inline", rpm:"snort-inline~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-mysql+flexresp", rpm:"snort-mysql+flexresp~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-mysql", rpm:"snort-mysql~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-plain+flexresp", rpm:"snort-plain+flexresp~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-postgresql+flexresp", rpm:"snort-postgresql+flexresp~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-postgresql", rpm:"snort-postgresql~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-prelude+flexresp", rpm:"snort-prelude+flexresp~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"snort-prelude", rpm:"snort-prelude~2.9.20~1.mga8", rls:"MAGEIA8"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);