CVE-2017-1000117 - Open Redirect vulnerability in Git-Scm GIT
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Fake the Source of Data: An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data, or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field so that the message appears to have been sent by someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
Exploit-Db
description | Git < 2.7.5 - Command Injection (Metasploit). CVE-2017-1000117. Remote exploit for Python platform. Tags: Metasploit Framework |
file | exploits/python/remote/42599.rb |
id | EDB-ID:42599 |
last seen | 2017-09-01 |
modified | 2017-08-31 |
platform | python |
port | |
published | 2017-08-31 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/42599/ |
title | Git < 2.7.5 - Command Injection (Metasploit) |
type | remote |
Metasploit
description | This module exploits CVE-2017-1000117, which affects Git version 2.7.5 and lower. A submodule of the form 'ssh://' can be passed parameters from the username incorrectly. This can be used to inject commands to the operating system when the submodule is cloned. This module creates a fake git repository which contains a submodule containing the vulnerability. The vulnerability is triggered when the submodules are initialised. |
id | MSF:EXPLOIT/MULTI/HTTP/GIT_SUBMODULE_COMMAND_EXEC |
last seen | 2020-05-31 |
modified | 2019-03-29 |
published | 2017-08-11 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/git_submodule_command_exec.rb |
title | Malicious Git HTTP Server For CVE-2017-1000117 |
Nessus
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2017-2674.NASL |
description | An update is now available for Red Hat Mobile Application Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Mobile Application Platform (RHMAP) 4.5 is delivered as a set of Docker-formatted container images. In addition to the images, several components are delivered as RPMs : * OpenShift templates used to deploy an RHMAP Core and MBaaS * The fh-system-dump-tool allows you to analyze all the projects running in an OpenShift cluster and reports any problems discovered. For more information, see the Operations Guide The following RPMs are included in the RHMAP container images, and are provided here only for completeness : * The Nagios server, which is used to monitor the status of RHMAP components, is installed inside the Nagios container image. This release serves as an update for Red Hat Mobile Application Platform 4.4.3. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.5.0 Release Notes for information about the most significant bug fixes and enhancements included in this release. Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix(es) : * A shell command injection flaw related to the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 103349 |
published | 2017-09-20 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103349 |
title | RHEL 7 : Mobile Application Platform (RHSA-2017:2674) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2017:2674. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(103349);
      script_version("3.11");
      script_cvs_date("Date: 2019/10/24 15:35:43");

      script_cve_id("CVE-2017-1000117", "CVE-2017-7552", "CVE-2017-7553", "CVE-2017-7554");
      script_xref(name:"RHSA", value:"2017:2674");

      script_name(english:"RHEL 7 : Mobile Application Platform (RHSA-2017:2674)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update is now available for Red Hat Mobile Application Platform
    4.5.

    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.

    Red Hat Mobile Application Platform (RHMAP) 4.5 is delivered as a set
    of Docker-formatted container images.

    In addition to the images, several components are delivered as RPMs :

    * OpenShift templates used to deploy an RHMAP Core and MBaaS

    * The fh-system-dump-tool allows you to analyze all the projects
    running in an OpenShift cluster and reports any problems discovered.
    For more information, see the Operations Guide

    The following RPMs are included in the RHMAP container images, and are
    provided here only for completeness :

    * The Nagios server, which is used to monitor the status of RHMAP
    components, is installed inside the Nagios container image.

    This release serves as an update for Red Hat Mobile Application
    Platform 4.4.3. It includes bug fixes and enhancements. Refer to the
    Red Hat Mobile Application Platform 4.5.0 Release Notes for
    information about the most significant bug fixes and enhancements
    included in this release.

    Nagios is a program that monitors hosts and services on your network,
    and has the ability to send email or page alerts when a problem arises
    or is resolved.

    Security Fix(es) :

    * A shell command injection flaw related to the handling of 'ssh' URLs
    has been discovered in Git. An attacker could use this flaw to execute
    shell commands with the privileges of the user running the Git client,
    for example, when performing a 'clone' action on a malicious
    repository or a legitimate repository containing a malicious commit.
    (CVE-2017-1000117)

    * A flaw was discovered in the file editor of millicore which allows
    files to be executed as well as created. An attacker could use this
    flaw to compromise other users or teams projects stored in source
    control management of the RHMAP Core installation. (CVE-2017-7552)

    * The external_request api call in App Studio (millicore) allows
    server side request forgery (SSRF). An attacker could use this flaw to
    probe the network internal resources and access restricted endpoints.
    (CVE-2017-7553)

    * A flaw was found where the App Studio component of RHMAP 4.4
    executes JavaScript provided by a user. An attacker could use this
    flaw to execute a stored XSS attack on an application administrator
    using App Studio. (CVE-2017-7554)

    Red Hat would like to thank Tomas Rzepka for reporting CVE-2017-7552,
    CVE-2017-7553 and CVE-2017-7554."
      );
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/documentation/en-US/");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:2674");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-1000117");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-7552");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-7553");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2017-7554");
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fh-system-dump-tool");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fping");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fping-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-apt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-breeze");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-by_ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-cluster");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dbi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dhcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dig");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-disk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-disk_smb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dns");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-dummy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-file_age");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-flexlm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-fping");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-game");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-hpjd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-http");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-icmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ide_smart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ifoperstatus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ifstatus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ircd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-load");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-log");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-mailq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-mrtg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-mrtgtraf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-nagios");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-nt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ntp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ntp-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-nwstat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-oracle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-overcr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ping");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-procs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-radius");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-real");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-rpc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-sensors");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-smtp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-snmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ssh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-swap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-tcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-time");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-ups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-uptime");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-users");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nagios-plugins-wave");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-CBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-DES");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Crypt-DES-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-Net-SNMP");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:phantomjs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:phantomjs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-meld3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-meld3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qstat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qstat-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:radiusclient-ng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:radiusclient-ng-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:radiusclient-ng-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:radiusclient-ng-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redis");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redis-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhmap-fh-openshift-templates");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhmap-mod_authnz_external");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhmap-mod_authnz_external-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sendEmail");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ssmtp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ssmtp-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:supervisor");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/09/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2017:2674";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_HOLE,
          extra : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;

      if (! (rpm_exists(release:"RHEL7", rpm:"rhmap-fh-openshift-templates"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Mobile Application Platform");

      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"fh-system-dump-tool-1.0.0-5.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"fping-3.10-4.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"fping-debuginfo-3.10-4.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-4.0.8-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-common-4.0.8-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-debuginfo-4.0.8-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-devel-4.0.8-8.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-all-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-apt-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-breeze-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-by_ssh-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-cluster-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dbi-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-debuginfo-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dhcp-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dig-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-disk-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-disk_smb-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dns-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-dummy-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-file_age-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-flexlm-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-fping-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-game-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-hpjd-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-http-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-icmp-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ide_smart-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ifoperstatus-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ifstatus-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ircd-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ldap-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-load-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-log-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-mailq-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-mrtg-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-mrtgtraf-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-mysql-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-nagios-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-nt-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ntp-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ntp-perl-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-nwstat-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-oracle-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-overcr-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-perl-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-pgsql-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ping-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-procs-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-radius-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-real-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-rpc-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-sensors-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-smtp-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-snmp-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ssh-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-swap-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-tcp-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-time-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-ups-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-uptime-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-users-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"nagios-plugins-wave-2.0.3-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"perl-Crypt-CBC-2.33-2.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perl-Crypt-DES-2.05-20.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perl-Crypt-DES-debuginfo-2.05-20.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"perl-Net-SNMP-6.0.1-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"phantomjs-1.9.7-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"phantomjs-debuginfo-1.9.7-3.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-meld3-0.6.10-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-meld3-debuginfo-0.6.10-1.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"qstat-2.11-13.20080912svn311.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"qstat-debuginfo-2.11-13.20080912svn311.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"radiusclient-ng-0.5.6-9.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"radiusclient-ng-debuginfo-0.5.6-9.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"radiusclient-ng-devel-0.5.6-9.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"radiusclient-ng-utils-0.5.6-9.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"redis-2.8.21-2.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"redis-debuginfo-2.8.21-2.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"rhmap-fh-openshift-templates-4.5.0-11.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rhmap-mod_authnz_external-3.3.1-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rhmap-mod_authnz_external-debuginfo-3.3.1-7.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"sendEmail-1.56-2.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ssmtp-2.64-14.el7")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ssmtp-debuginfo-2.64-14.el7")) flag++;
      if (rpm_check(release:"RHEL7", reference:"supervisor-3.1.3-3.el7")) flag++;

      if (flag)
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_HOLE,
          extra : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fh-system-dump-tool / fping / fping-debuginfo / nagios / etc");
      }
    }
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_1D33CDEE7F6B11E7A9B53DEBB10A6871.NASL |
description | Mercurial Release Notes : CVE-2017-1000115 Mercurial |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102465 |
published | 2017-08-14 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102465 |
title | FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871) |
code |

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2019 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    #
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(102465);
      script_version("3.6");
      script_cvs_date("Date: 2019/05/13 11:02:56");

      script_cve_id("CVE-2017-1000115", "CVE-2017-1000116");

      script_name(english:"FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871)");
      script_summary(english:"Checks for updated package in pkg_info output");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Mercurial Release Notes :

    CVE-2017-1000115

    Mercurial's symlink auditing was incomplete prior to 4.3, and could be
    abused to write to files outside the repository.

    CVE-2017-1000116

    Mercurial was not sanitizing hostnames passed to ssh, allowing shell
    injection attacks on clients by specifying a hostname starting with
    -oProxyCommand. This is also present in Git (CVE-2017-1000117) and
    Subversion (CVE-2017-9800), so please patch those tools as well if you
    have them installed."
      );
      # https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?425a5664");
      # https://vuxml.freebsd.org/freebsd/1d33cdee-7f6b-11e7-a9b5-3debb10a6871.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0f656efa");
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mercurial");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

      exit(0);
    }

    include("audit.inc");
    include("freebsd_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if (pkg_test(save_report:TRUE, pkg:"mercurial<4.3")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2017-8BA7572CFD.NASL |
description | Resolve an arbitrary code execution vulnerability via crafted |
last seen | 2020-06-05 |
modified | 2017-08-14 |
plugin id | 102458 |
published | 2017-08-14 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102458 |
title | Fedora 25 : git (2017-8ba7572cfd) |
code |
```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2017-8ba7572cfd.
#

include("compat.inc");

if (description)
{
  script_id(102458);
  script_version("3.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-1000117");
  script_xref(name:"FEDORA", value:"2017-8ba7572cfd");

  script_name(english:"Fedora 25 : git (2017-8ba7572cfd)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Resolve an arbitrary code execution vulnerability via crafted
'ssh://' URL (CVE-2017-1000117). From the [release
announcement](https://public-inbox.org/git/[email protected] v.corp.google.com/)
: A malicious third-party can give a crafted 'ssh://...' URL to an
unsuspecting victim, and an attempt to visit the URL can result in any
program that exists on the victim's machine being executed. Such a URL
could be placed in the .gitmodules file of a malicious project, and an
unsuspecting victim could be tricked into running 'git clone
--recurse-submodules' to trigger the vulnerability. Credits to find
and fix the issue go to Brian Neel at GitLab, Joern Schneeweisz of
Recurity Labs and Jeff King at GitHub. Note that Tenable Network
Security has extracted the preceding description block directly from
the Fedora update system website. Tenable has attempted to
automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-8ba7572cfd"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected git package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC25", reference:"git-2.9.5-1.fc25")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}
```
NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2017-223-01.NASL |
description | New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102432 |
published | 2017-08-14 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102432 |
title | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2017-223-01) |
code |
```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2017-223-01. The text
# itself is copyright (C) Slackware Linux, Inc.
#

include("compat.inc");

if (description)
{
  script_id(102432);
  script_version("3.5");
  script_cvs_date("Date: 2019/04/10 16:10:18");

  script_cve_id("CVE-2017-1000117");
  script_xref(name:"SSA", value:"2017-223-01");

  script_name(english:"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : git (SSA:2017-223-01)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"New git packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, 14.2, and -current to fix security issues."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.575003
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d076e967"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected git package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("slackware.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

flag = 0;
if (slackware_check(osver:"13.0", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++;
if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++;

if (slackware_check(osver:"13.1", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++;
if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++;

if (slackware_check(osver:"13.37", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++;
if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++;

if (slackware_check(osver:"14.0", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;

if (slackware_check(osver:"14.1", pkgname:"git", pkgver:"2.14.1", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;

if (slackware_check(osver:"14.2", pkgname:"git", pkgver:"2.14.1", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;

if (slackware_check(osver:"current", pkgname:"git", pkgver:"2.14.1", pkgarch:"i586", pkgnum:"1")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"git", pkgver:"2.14.1", pkgarch:"x86_64", pkgnum:"1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2017-2484.NASL |
description | An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102769 |
published | 2017-08-25 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102769 |
title | CentOS 7 : git (CESA-2017:2484) |
code |
```nasl
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:2484 and
# CentOS Errata and Security Advisory 2017:2484 respectively.
#

include("compat.inc");

if (description)
{
  script_id(102769);
  script_version("3.9");
  script_cvs_date("Date: 2019/12/31");

  script_cve_id("CVE-2017-1000117");
  script_xref(name:"RHSA", value:"2017:2484");

  script_name(english:"CentOS 7 : git (CESA-2017:2484)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update for git is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section. Git is a
distributed revision control system with a decentralized architecture.
As opposed to centralized version control systems with a client-server
model, Git ensures that each working copy of a Git repository is an
exact copy with complete revision history. This not only allows the
user to work on and contribute to projects without the need to have
permission to push the changes to their official repositories, but
also makes it possible for the user to work with no network
connection. Security Fix(es) : * A shell command injection flaw
related to the handling of 'ssh' URLs has been discovered in Git. An
attacker could use this flaw to execute shell commands with the
privileges of the user running the Git client, for example, when
performing a 'clone' action on a malicious repository or a legitimate
repository containing a malicious commit. (CVE-2017-1000117)"
  );
  # https://lists.centos.org/pipermail/centos-cr-announce/2017-August/004660.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?661d5094"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1000117");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:emacs-git-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-bzr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-cvs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-email");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-hg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-p4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:git-svn");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gitweb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Git-SVN");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/25");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"emacs-git-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"emacs-git-el-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-all-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-bzr-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-cvs-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-daemon-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-email-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-gui-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-hg-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-p4-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"git-svn-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gitk-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"gitweb-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perl-Git-1.8.3.1-12.el7_4")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perl-Git-SVN-1.8.3.1-12.el7_4")) flag++;

if (flag)
{
  cr_plugin_caveat = '\n' +
    'NOTE: The security advisory associated with this vulnerability has a\n' +
    'fixed package version that may only be available in the continuous\n' +
    'release (CR) repository for CentOS, until it is present in the next\n' +
    'point release of CentOS.\n\n' +
    'If an equal or higher package level does not exist in the baseline\n' +
    'repository for your major version of CentOS, then updates from the CR\n' +
    'repository will need to be applied in order to address the\n' +
    'vulnerability.\n';
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get() + cr_plugin_caveat
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc");
}
```
NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-1420.NASL |
description | According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 124923 |
published | 2019-05-14 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/124923 |
title | EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420) |
code |
```nasl
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(124923);
  script_version("1.5");
  script_cvs_date("Date: 2019/06/27 13:33:25");

  script_cve_id(
    "CVE-2014-9938",
    "CVE-2015-7545",
    "CVE-2016-2315",
    "CVE-2016-2324",
    "CVE-2017-1000117",
    "CVE-2017-14867",
    "CVE-2018-11235",
    "CVE-2018-17456"
  );

  script_name(english:"EulerOS Virtualization 3.0.1.0 : git (EulerOS-SA-2019-1420)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the git packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerabilities :

  - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x
    before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before
    2.17.1, remote code execution can occur. With a crafted
    .gitmodules file, a malicious project can execute an
    arbitrary script on a machine that runs 'git clone
    --recurse-submodules' because submodule 'names' are
    obtained from this file, and then appended to
    $GIT_DIR/modules, leading to directory traversal with
    '../' in a name. Finally, post-checkout hooks from a
    submodule are executed, bypassing the intended design
    in which hooks are not obtained from a remote
    server.(CVE-2018-11235)

  - A shell command injection flaw related to the handling
    of 'ssh' URLs has been discovered in Git. An attacker
    could use this flaw to execute shell commands with the
    privileges of the user running the Git client, for
    example, when performing a 'clone' action on a
    malicious repository or a legitimate repository
    containing a malicious commit.(CVE-2017-1000117)

  - Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before
    2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2
    uses unsafe Perl scripts to support subcommands such as
    cvsserver, which allows attackers to execute arbitrary
    OS commands via shell metacharacters in a module name.
    The vulnerable code is reachable via git-shell even
    without CVS support.(CVE-2017-14867)

  - It was found that the git-prompt.sh script shipped with
    git failed to correctly handle branch names containing
    special characters. A specially crafted git repository
    could use this flaw to execute arbitrary commands if a
    user working with the repository configured their shell
    to include repository information in the
    prompt.(CVE-2014-9938)

  - An integer truncation flaw and an integer overflow
    flaw, both leading to a heap-based buffer overflow,
    were found in the way Git processed certain path
    information. A remote attacker could create a specially
    crafted Git repository that would cause a Git client or
    server to crash or, possibly, execute arbitrary
    code.(CVE-2016-2324)

  - A flaw was found in the way the git-remote-ext helper
    processed certain URLs. If a user had Git configured to
    automatically clone submodules from untrusted
    repositories, an attacker could inject commands into
    the URL of a submodule, allowing them to execute
    arbitrary code on the user's system.(CVE-2015-7545)

  - Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before
    2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and
    2.19.x before 2.19.1 allows remote code execution
    during processing of a recursive 'git clone' of a
    superproject if a .gitmodules file has a URL field
    beginning with a '-' character.(CVE-2018-17456)

  - An integer truncation flaw and an integer overflow
    flaw, both leading to a heap-based buffer overflow,
    were found in the way Git processed certain path
    information. A remote attacker could create a specially
    crafted Git repository that would cause a Git client or
    server to crash or, possibly, execute arbitrary
    code.(CVE-2016-2315)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1420
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8375b968");
  script_set_attribute(attribute:"solution", value:
"Update the affected git packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["git-1.8.3.1-20.h1",
        "perl-Git-1.8.3.1-20.h1"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}
```
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2017-2320-1.NASL |
description | This update for git fixes the following issues : - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102914 |
published | 2017-09-01 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102914 |
title | SUSE SLES12 Security Update : git (SUSE-SU-2017:2320-1) |
code |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2017:2320-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(102914);
  script_version("3.8");
  script_cvs_date("Date: 2019/09/11 11:22:16");

  script_cve_id("CVE-2017-1000117");

  script_name(english:"SUSE SLES12 Security Update : git (SUSE-SU-2017:2320-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for git fixes the following issues :

  - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1052481"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2017-1000117/"
  );
  # https://www.suse.com/support/update/announcement/2017/suse-su-20172320-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?40ec5247"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud 6:zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1429=1
SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1429=1
SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1429=1
SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1429=1
SUSE Linux Enterprise Server for SAP 12:zypper in -t patch SUSE-SLE-SAP-12-2017-1429=1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1429=1
SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1429=1
SUSE Linux Enterprise Server 12-SP2:zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1429=1
SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1429=1
SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch SUSE-SLE-SERVER-12-2017-1429=1
SUSE Container as a Service Platform ALL:zypper in -t patch SUSE-CAASP-ALL-2017-1429=1
OpenStack Cloud Magnum Orchestration 7:zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1429=1

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2017-1000117');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2|3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2/3", os_ver + " SP" + sp);

flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"git-core-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"git-core-debuginfo-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"git-debugsource-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"git-core-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"git-core-debuginfo-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"git-debugsource-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"git-core-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"git-core-debuginfo-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"git-debugsource-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"git-core-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"git-core-debuginfo-2.12.3-27.5.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"git-debugsource-2.12.3-27.5.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2017-2485.NASL |
description | An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102549 |
published | 2017-08-18 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102549 |
title | CentOS 6 : git (CESA-2017:2485) |

NASL family | Windows |
NASL id | GIT_FOR_WINDOWS_2_14_1.NASL |
description | The version of Git for Windows installed on the remote host is version 2.7.x prior to 2.7.6, 2.8.x prior to 2.8.6, 2.9.x prior to 2.9.5, 2.10.x prior to 2.10.4, 2.11.x prior to 2.11.13, 2.12.x prior to 2.12.4, 2.13.x prior to 2.13.5, or 2.14.x prior to 2.14.1. It is, therefore, affected by a command execution vulnerability due to a flaw in the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102494 |
published | 2017-08-15 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102494 |
title | Git for Windows 2.7.x < 2.7.6 / 2.8.x < 2.8.6 / 2.9.x < 2.9.5 / 2.10.x < 2.10.4 / 2.11.x < 2.11.13 / 2.12.x < 2.12.4 / 2.13.x < 2.13.5 / 2.14.x < 2.14.1 Malicious SSH URL Command Execution |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-3934.NASL |
description | Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102374 |
published | 2017-08-11 |
reporter | This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102374 |
title | Debian DSA-3934-1 : git - security update |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20170817_GIT_ON_SL6_X.NASL |
description | Security Fix(es) : - A shell command injection flaw related to the handling of |
last seen | 2020-05-15 |
modified | 2017-08-18 |
plugin id | 102576 |
published | 2017-08-18 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102576 |
title | Scientific Linux Security Update : git on SL6.x i386/x86_64 (20170817) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2017-2485.NASL |
description | An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102538 |
published | 2017-08-17 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102538 |
title | RHEL 6 : git (RHSA-2017:2485) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20170817_GIT_ON_SL7_X.NASL |
description | Security Fix(es) : - A shell command injection flaw related to the handling of |
last seen | 2020-05-15 |
modified | 2017-08-22 |
plugin id | 102674 |
published | 2017-08-22 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102674 |
title | Scientific Linux Security Update : git on SL7.x x86_64 (20170817) |

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2017-882.NASL |
description | Command injection via malicious ssh URLs : A shell command injection flaw related to the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102870 |
published | 2017-09-01 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102870 |
title | Amazon Linux AMI : git (ALAS-2017-882) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_XCODE_9.NASL |
description | The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 9.0. It is, therefore, affected by multiple remote code execution vulnerabilities in the git, Id64, and subversion components. An unauthenticated, remote attacker can exploit these vulnerabilities to cause execution of arbitrary code. |
last seen | 2020-05-06 |
modified | 2017-09-20 |
plugin id | 103359 |
published | 2017-09-20 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103359 |
title | Apple Xcode < 9.0 Multiple RCE (macOS) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2017-1187.NASL |
description | According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) - A shell command injection flaw related to the handling of |
last seen | 2020-05-06 |
modified | 2017-09-08 |
plugin id | 103025 |
published | 2017-09-08 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103025 |
title | EulerOS 2.0 SP1 : git (EulerOS-SA-2017-1187) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201709-10.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201709-10 (Git: Command injection) Specially crafted ‘ssh://...’ URLs may allow the owner of the repository to execute arbitrary commands on client’s machine if those commands are already installed on the client’s system. This is especially dangerous when the third-party repository has one or more submodules with specially crafted ‘ssh://...’ URLs. Each time the repository is recursively cloned or submodules are updated the payload will be triggered. Impact : A remote attacker, by enticing a user to clone a specially crafted repository, could possibly execute arbitrary code with the privileges of the process. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 103278 |
published | 2017-09-18 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103278 |
title | GLSA-201709-10 : Git: Command injection |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2017-2484.NASL |
description | An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102537 |
published | 2017-08-17 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102537 |
title | RHEL 7 : git (RHSA-2017:2484) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1072.NASL |
description | Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite. CVE-2017-1000115 Mercurial |
last seen | 2020-03-17 |
modified | 2017-09-01 |
plugin id | 102886 |
published | 2017-09-01 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102886 |
title | Debian DLA-1072-1 : mercurial security update |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1495.NASL |
description | The git-annex package was found to have multiple vulnerabilities when operating on untrusted data that could lead to arbitrary command execution and encrypted data exfiltration. CVE-2017-12976 git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. CVE-2018-10857 git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN. CVE-2018-10859 git-annex is vulnerable to an Information Exposure when decrypting files. A malicious server for a special remote could trick git-annex into decrypting a file that was encrypted to the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 117296 |
published | 2018-09-06 |
reporter | This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/117296 |
title | Debian DLA-1495-1 : git-annex security update |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2017-1188.NASL |
description | According to the versions of the git package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938) - A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386) - A shell command injection flaw related to the handling of |
last seen | 2020-05-06 |
modified | 2017-09-08 |
plugin id | 103026 |
published | 2017-09-08 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/103026 |
title | EulerOS 2.0 SP2 : git (EulerOS-SA-2017-1188) |

NASL family | NewStart CGSL Local Security Checks |
NASL id | NEWSTART_CGSL_NS-SA-2019-0120_GIT.NASL |
description | The remote NewStart CGSL host, running version MAIN 4.05, has git packages installed that are affected by a vulnerability: - A shell command injection flaw related to the handling of ssh URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a clone action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117) Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 127364 |
published | 2019-08-12 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/127364 |
title | NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2019-0120) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2017-939.NASL |
description | This update for git fixes the following security issues : - CVE-2017-1000117: A malicious third-party could have caused a git client to execute arbitrary commands via crafted |
last seen | 2020-06-05 |
modified | 2017-08-18 |
plugin id | 102558 |
published | 2017-08-18 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102558 |
title | openSUSE Security Update : git (openSUSE-2017-939) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1144.NASL |
description | git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. For Debian 7 |
last seen | 2020-03-17 |
modified | 2017-10-30 |
plugin id | 104219 |
published | 2017-10-30 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/104219 |
title | Debian DLA-1144-1 : git-annex security update |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2017-2485.NASL |
description | From Red Hat Security Advisory 2017:2485 : An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102569 |
published | 2017-08-18 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102569 |
title | Oracle Linux 6 : git (ELSA-2017-2485) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2017-B1B3AE6666.NASL |
description | Resolve an arbitrary code execution vulnerability via crafted |
last seen | 2020-06-05 |
modified | 2017-08-14 |
plugin id | 102461 |
published | 2017-08-14 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102461 |
title | Fedora 26 : git (2017-b1b3ae6666) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2017-988.NASL |
description | This update for git fixes the following issues : - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481) This update was imported from the SUSE:SLE-12:Update update project. |
last seen | 2020-06-05 |
modified | 2017-09-05 |
plugin id | 102943 |
published | 2017-09-05 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102943 |
title | openSUSE Security Update : git (openSUSE-2017-988) |

NASL family | Virtuozzo Local Security Checks |
NASL id | VIRTUOZZO_VZLSA-2017-2485.NASL |
description | An update for git is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 119223 |
published | 2018-11-27 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119223 |
title | Virtuozzo 6 : emacs-git / emacs-git-el / git / git-all / git-cvs / etc (VZLSA-2017-2485) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-1385.NASL |
description | According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 124888 |
published | 2019-05-14 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/124888 |
title | EulerOS Virtualization for ARM 64 3.0.1.0 : git (EulerOS-SA-2019-1385) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2017-2484.NASL |
description | From Red Hat Security Advisory 2017:2484 : An update for git is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es) : * A shell command injection flaw related to the handling of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102534 |
published | 2017-08-17 |
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102534 |
title | Oracle Linux 7 : git (ELSA-2017-2484) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-3387-1.NASL |
description | Brian Neel, Joern Schneeweisz, and Jeff King discovered that Git did not properly handle host names in |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 102423 |
published | 2017-08-11 |
reporter | Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102423 |
title | Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : git vulnerability (USN-3387-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2020-0992-1.NASL |
description | This update for git fixes the following issues : Security issue fixed : CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed : git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): the xinetd snippet was removed the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0: |
last seen | 2020-04-30 |
modified | 2020-04-15 |
plugin id | 135580 |
published | 2020-04-15 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/135580 |
title | SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1068.NASL |
description | Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules. For Debian 7 |
last seen | 2020-03-17 |
modified | 2017-08-28 |
plugin id | 102788 |
published | 2017-08-28 |
reporter | This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/102788 |
title | Debian DLA-1068-1 : git security update |
Packetstorm
data source | https://packetstormsecurity.com/files/download/143965/git_submodule_command_exec.rb.txt |
id | PACKETSTORM:143965 |
last seen | 2017-09-01 |
published | 2017-08-30 |
reporter | metasploit.com |
source | https://packetstormsecurity.com/files/143965/Malicious-GIT-HTTP-Server.html |
title | Malicious GIT HTTP Server |
Redhat
advisories |
rpms |
References
- https://www.exploit-db.com/exploits/42599/
- https://security.gentoo.org/glsa/201709-10
- http://www.securitytracker.com/id/1039131
- http://www.securityfocus.com/bid/100283
- https://support.apple.com/HT208103
- http://www.debian.org/security/2017/dsa-3934
- https://access.redhat.com/errata/RHSA-2017:2675
- https://access.redhat.com/errata/RHSA-2017:2674
- https://access.redhat.com/errata/RHSA-2017:2491
- https://access.redhat.com/errata/RHSA-2017:2485
- https://access.redhat.com/errata/RHSA-2017:2484
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html