Vulnerabilities > CVE-2017-2354 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(96877);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id(
    "CVE-2016-8687",
    "CVE-2017-2350",
    "CVE-2017-2354",
    "CVE-2017-2355",
    "CVE-2017-2356",
    "CVE-2017-2360",
    "CVE-2017-2362",
    "CVE-2017-2363",
    "CVE-2017-2365",
    "CVE-2017-2369",
    "CVE-2017-2370",
    "CVE-2017-2373"
  );
  script_bugtraq_id(
    93781,
    95727,
    95728,
    95729,
    95731,
    95736
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-01-23-4");

  script_name(english:"Apple TV < 10.1.1 Multiple Vulnerabilities");
  script_summary(english:"Checks the build number.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Apple TV device is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of Apple TV on the remote device
is prior to 10.1.1. It is, therefore, affected by multiple
vulnerabilities :

  - A stack-based buffer overflow condition exists in
    libarchive in the bsdtar_expand_char() function within
    file util.c due to improper validation of certain
    unspecified input. An unauthenticated, remote attacker
    can exploit this, via a specially crafted archive, to
    cause a denial of service condition or the execution of
    arbitrary code. (CVE-2016-8687)

  - A prototype access flaw exists in WebKit when handling
    exceptions. An unauthenticated, remote attacker can
    exploit this, via specially crafted web content, to
    disclose cross-origin data. (CVE-2017-2350)

  - A type confusion error exists in WebKit when handling
    SearchInputType objects due to improper validation of
    certain unspecified input. An unauthenticated, remote
    attacker can exploit this, via specially crafted web
    content, to execute arbitrary code. (CVE-2017-2354)

  - An unspecified memory initialization flaw exists in
    WebKit that allows an unauthenticated, remote attacker
    to execute arbitrary code via specially crafted web
    content. (CVE-2017-2355)

  - Multiple memory corruption issues exist in WebKit due to
    improper validation of certain unspecified input. An
    unauthenticated, remote attacker can exploit these, via
    specially crafted web content, to execute arbitrary
    code. (CVE-2017-2356, CVE-2017-2362, CVE-2017-2369,
    CVE-2017-2373)

  - A use-after-free error exists in the host_self_trap mach
    trap. A local attacker can exploit this, via a specially
    crafted application, to dereference already freed memory
    and thereby execute arbitrary code with kernel
    privileges. (CVE-2017-2360)

  - A flaw exists in WebKit when handling page loading due
    to improper validation of certain unspecified input.
    An unauthenticated, remote attacker can exploit this,
    via specially crafted web content, to disclose
    cross-origin data. (CVE-2017-2363)

  - A flaw exists in WebKit when handling variables due
    to improper validation of certain unspecified input.
    An unauthenticated, remote attacker can exploit this,
    via specially crafted web content, to disclose
    cross-origin data. (CVE-2017-2365)

  - A heap buffer overflow condition exists in the
    mach_voucher_extract_attr_recipe_trap() function due to
    improper validation of certain unspecified input. A
    local attacker can exploit this, via a specially
    crafted application, to cause a denial of service
    condition or the execution of arbitrary code with
    kernel privileges. (CVE-2017-2370)

Note that only 4th generation models are affected by these
vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207485");
  # https://lists.apple.com/archives/security-announce/2017/Jan/msg00005.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f1c5d4b2");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple TV version 10.1.1 or later. Note that this update is
only available for 4th generation models.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-2370");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:apple_tv");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("appletv_version.nasl");
  script_require_keys("AppleTV/Version", "AppleTV/Model", "AppleTV/URL", "AppleTV/Port");
  script_require_ports("Services/www", 7000);

  exit(0);
}

include("audit.inc");
include("appletv_func.inc");

url = get_kb_item('AppleTV/URL');
if (empty_or_null(url)) exit(0, 'Cannot determine Apple TV URL.');
port = get_kb_item('AppleTV/Port');
if (empty_or_null(port)) exit(0, 'Cannot determine Apple TV port.');

build = get_kb_item('AppleTV/Version');
if (empty_or_null(build)) audit(AUDIT_UNKNOWN_DEVICE_VER, 'Apple TV');

model = get_kb_item('AppleTV/Model');
if (empty_or_null(model)) exit(0, 'Cannot determine Apple TV model.');

fixed_build = "14U712a";
tvos_ver = '10.1.1';

# determine gen from the model
gen = APPLETV_MODEL_GEN[model];

appletv_check_version(
  build          : build,
  fix            : fixed_build,
  affected_gen   : 4,
  fix_tvos_ver   : tvos_ver,
  model          : model,
  gen            : gen,
  port           : port,
  url            : url,
  severity       : SECURITY_HOLE
);

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-0beb752b6e.
#

include("compat.inc");

if (description)
{
  script_id(97448);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-2350", "CVE-2017-2354", "CVE-2017-2355", "CVE-2017-2356", "CVE-2017-2362", "CVE-2017-2363", "CVE-2017-2364", "CVE-2017-2365", "CVE-2017-2366", "CVE-2017-2369", "CVE-2017-2371", "CVE-2017-2373");
  script_xref(name:"FEDORA", value:"2017-0beb752b6e");

  script_name(english:"Fedora 25 : webkitgtk4 (2017-0beb752b6e)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update addresses the following vulnerabilities :

  -
    [CVE-2017-2350](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2350),
    [CVE-2017-2354](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2354),
    [CVE-2017-2355](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2355),
    [CVE-2017-2356](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2356),
    [CVE-2017-2362](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2362),
    [CVE-2017-2363](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2363),
    [CVE-2017-2364](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2364),
    [CVE-2017-2365](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2365),
    [CVE-2017-2366](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2366),
    [CVE-2017-2369](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2369),
    [CVE-2017-2371](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2371),
    [CVE-2017-2373](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2373)

Additional fixes :

  - Make accelerating compositing mode on-demand again. By
    default it will only be used for websites that require
    it, saving a lot of memory on websites that don’t
    need it.

  - Release unused UpdateAtlas and reduce the tile coverage
    on memory pressure.

  - The media backend now stores preloaded media in /var/tmp
    instead of user cache dir.

  - Make inspector work again when accelerated compositing
    support is disabled.

  - Fix a deadlock when the media player is destroyed.

  - Fix network process crashes when loading custom URI
    schemes.

  - Fix overlay scrollbars that are over a subframe.

  - Fix a crash in GraphicsContext3D::drawArrays when using
    OpenGL 3.2 core profile.

  - Fix BadDamage X errors happening when resizing the
    WebView.

  - Fix several crashes and rendering issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-0beb752b6e"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected webkitgtk4 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkitgtk4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC25", reference:"webkitgtk4-2.14.5-1.fc25")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkitgtk4");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3200-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(97222);
  script_version("3.6");
  script_cvs_date("Date: 2019/09/18 12:31:46");

  script_cve_id("CVE-2017-2350", "CVE-2017-2354", "CVE-2017-2355", "CVE-2017-2356", "CVE-2017-2362", "CVE-2017-2363", "CVE-2017-2364", "CVE-2017-2365", "CVE-2017-2366", "CVE-2017-2369", "CVE-2017-2371", "CVE-2017-2373");
  script_xref(name:"USN", value:"3200-1");

  script_name(english:"Ubuntu 16.04 LTS / 16.10 : webkit2gtk vulnerabilities (USN-3200-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A large number of security issues were discovered in the WebKitGTK+
Web and JavaScript engines. If a user were tricked into viewing a
malicious website, a remote attacker could exploit a variety of issues
related to web browser security, including cross-site scripting
attacks, denial of service attacks, and arbitrary code execution.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/3200-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected libjavascriptcoregtk-4.0-18 and / or
libwebkit2gtk-4.0-37 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04|16\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 16.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"libjavascriptcoregtk-4.0-18", pkgver:"2.14.5-0ubuntu0.16.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"libwebkit2gtk-4.0-37", pkgver:"2.14.5-0ubuntu0.16.04.1")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"libjavascriptcoregtk-4.0-18", pkgver:"2.14.5-0ubuntu0.16.10.1")) flag++;
if (ubuntu_check(osver:"16.10", pkgname:"libwebkit2gtk-4.0-37", pkgver:"2.14.5-0ubuntu0.16.10.1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2017-b1abcbe695.
#

include("compat.inc");

if (description)
{
  script_id(97428);
  script_version("3.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-2350", "CVE-2017-2354", "CVE-2017-2355", "CVE-2017-2356", "CVE-2017-2362", "CVE-2017-2363", "CVE-2017-2364", "CVE-2017-2365", "CVE-2017-2366", "CVE-2017-2369", "CVE-2017-2371", "CVE-2017-2373");
  script_xref(name:"FEDORA", value:"2017-b1abcbe695");

  script_name(english:"Fedora 24 : webkitgtk4 (2017-b1abcbe695)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update addresses the following vulnerabilities :

  -
    [CVE-2017-2350](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2350),
    [CVE-2017-2354](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2354),
    [CVE-2017-2355](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2355),
    [CVE-2017-2356](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2356),
    [CVE-2017-2362](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2362),
    [CVE-2017-2363](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2363),
    [CVE-2017-2364](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2364),
    [CVE-2017-2365](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2365),
    [CVE-2017-2366](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2366),
    [CVE-2017-2369](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2369),
    [CVE-2017-2371](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2371),
    [CVE-2017-2373](https://cve.mitre.org/cgi-bin/cvename.cg
    i?name=CVE-2017-2373)

Additional fixes :

  - Make accelerating compositing mode on-demand again. By
    default it will only be used for websites that require
    it, saving a lot of memory on websites that don’t
    need it.

  - Release unused UpdateAtlas and reduce the tile coverage
    on memory pressure.

  - The media backend now stores preloaded media in /var/tmp
    instead of user cache dir.

  - Make inspector work again when accelerated compositing
    support is disabled.

  - Fix a deadlock when the media player is destroyed.

  - Fix network process crashes when loading custom URI
    schemes.

  - Fix overlay scrollbars that are over a subframe.

  - Fix a crash in GraphicsContext3D::drawArrays when using
    OpenGL 3.2 core profile.

  - Fix BadDamage X errors happening when resizing the
    WebView.

  - Fix several crashes and rendering issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b1abcbe695"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected webkitgtk4 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkitgtk4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC24", reference:"webkitgtk4-2.14.5-1.fc24")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkitgtk4");
}

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(96798);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/13");

  script_cve_id(
    "CVE-2017-2350",
    "CVE-2017-2354",
    "CVE-2017-2355",
    "CVE-2017-2356",
    "CVE-2017-2359",
    "CVE-2017-2362",
    "CVE-2017-2363",
    "CVE-2017-2364",
    "CVE-2017-2365",
    "CVE-2017-2366",
    "CVE-2017-2369",
    "CVE-2017-2373"
  );
  script_bugtraq_id(
    95724,
    95725,
    95727,
    95728,
    95733,
    95736
  );
  script_xref(name:"APPLE-SA", value:"APPLE-SA-2017-01-23-5");

  script_name(english:"macOS : Apple Safari < 10.0.3 Multiple Vulnerabilities");
  script_summary(english:"Checks the Safari version.");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS or Mac OS X host is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Apple Safari installed on the remote macOS or Mac OS X 
host is prior to 10.0.3. It is, therefore, affected by multiple
vulnerabilities :

  - A prototype access flaw exists in WebKit when handling
    exceptions. An unauthenticated, remote attacker can
    exploit this, via specially crafted web content, to
    disclose cross-origin data. (CVE-2017-2350)

  - Multiple memory corruption issues exist in WebKit due to
    improper validation of certain unspecified input. An
    unauthenticated, remote attacker can exploit these, via
    specially crafted web content, to corrupt memory,
    resulting in the execution of arbitrary code.
    (CVE-2017-2354, CVE-2017-2356, CVE-2017-2362,
    CVE-2017-2366, CVE-2017-2369, CVE-2017-2373)

  - An unspecified memory initialization flaw exists in
    WebKit that allows an unauthenticated, remote attacker
    to execute arbitrary code. (CVE-2017-2355)

  - An unspecified state management flaw exists that allows
    an unauthenticated, remote attacker to spoof the address
    bar. (CVE-2017-2359)

  - Multiple flaws exist in WebKit when handling page
    loading due to improper validation of certain
    unspecified input. An unauthenticated, remote attacker
    can exploit these, via specially crafted web content, to
    disclose cross-origin data. (CVE-2017-2363,
    CVE-2017-2364)

  - A flaw exists in WebKit when handling variables due to
    improper validation of certain unspecified input. An
    unauthenticated, remote attacker can exploit this, via
    specially crafted web content, to disclose cross-origin
    data. (CVE-2017-2365)");
  script_set_attribute(attribute:"see_also", value:"https://support.apple.com/en-us/HT207484");
  # https://lists.apple.com/archives/security-announce/2017/Jan/msg00006.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?35df638b");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Apple Safari version 10.0.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-2373");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_Safari31.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MacOSX/Version", "MacOSX/Safari/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
os = get_kb_item("Host/MacOSX/Version");
if (!os) audit(AUDIT_OS_NOT, "Mac OS X or macOS");

if (!ereg(pattern:"Mac OS X 10\.(10|11|12)([^0-9]|$)", string:os)) audit(AUDIT_OS_NOT, "Mac OS X Yosemite 10.10 / Mac OS X El Capitan 10.11 / macOS Sierra 10.12");

installed = get_kb_item_or_exit("MacOSX/Safari/Installed", exit_code:0);
path      = get_kb_item_or_exit("MacOSX/Safari/Path", exit_code:1);
version   = get_kb_item_or_exit("MacOSX/Safari/Version", exit_code:1);

fixed_version = "10.0.3";

if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)
{
  report = report_items_str(
    report_items:make_array(
      "Path", path,
      "Installed version", version,
      "Fixed version", fixed_version
    ),
    ordered_fields:make_list("Path", "Installed version", "Fixed version")
  );
  security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Safari", version, path);

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201706-15.
#
# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(100675);
  script_version("3.2");
  script_cvs_date("Date: 2019/04/10 16:10:17");

  script_cve_id("CVE-2015-2330", "CVE-2015-7096", "CVE-2015-7098", "CVE-2016-1723", "CVE-2016-1724", "CVE-2016-1725", "CVE-2016-1726", "CVE-2016-1727", "CVE-2016-1728", "CVE-2016-4692", "CVE-2016-4743", "CVE-2016-7586", "CVE-2016-7587", "CVE-2016-7589", "CVE-2016-7592", "CVE-2016-7598", "CVE-2016-7599", "CVE-2016-7610", "CVE-2016-7611", "CVE-2016-7623", "CVE-2016-7632", "CVE-2016-7635", "CVE-2016-7639", "CVE-2016-7640", "CVE-2016-7641", "CVE-2016-7642", "CVE-2016-7645", "CVE-2016-7646", "CVE-2016-7648", "CVE-2016-7649", "CVE-2016-7652", "CVE-2016-7654", "CVE-2016-7656", "CVE-2016-9642", "CVE-2016-9643", "CVE-2017-2350", "CVE-2017-2354", "CVE-2017-2355", "CVE-2017-2356", "CVE-2017-2362", "CVE-2017-2363", "CVE-2017-2364", "CVE-2017-2365", "CVE-2017-2366", "CVE-2017-2367", "CVE-2017-2369", "CVE-2017-2371", "CVE-2017-2373", "CVE-2017-2376", "CVE-2017-2377", "CVE-2017-2386", "CVE-2017-2392", "CVE-2017-2394", "CVE-2017-2395", "CVE-2017-2396", "CVE-2017-2405", "CVE-2017-2415", "CVE-2017-2419", "CVE-2017-2433", "CVE-2017-2442", "CVE-2017-2445", "CVE-2017-2446", "CVE-2017-2447", "CVE-2017-2454", "CVE-2017-2455", "CVE-2017-2457", "CVE-2017-2459", "CVE-2017-2460", "CVE-2017-2464", "CVE-2017-2465", "CVE-2017-2466", "CVE-2017-2468", "CVE-2017-2469", "CVE-2017-2470", "CVE-2017-2471", "CVE-2017-2475", "CVE-2017-2476", "CVE-2017-2481", "CVE-2017-2496", "CVE-2017-2504", "CVE-2017-2505", "CVE-2017-2506", "CVE-2017-2508", "CVE-2017-2510", "CVE-2017-2514", "CVE-2017-2515", "CVE-2017-2521", "CVE-2017-2525", "CVE-2017-2526", "CVE-2017-2528", "CVE-2017-2530", "CVE-2017-2531", "CVE-2017-2536", "CVE-2017-2539", "CVE-2017-2544", "CVE-2017-2547", "CVE-2017-2549", "CVE-2017-6980", "CVE-2017-6984");
  script_xref(name:"GLSA", value:"201706-15");

  script_name(english:"GLSA-201706-15 : WebKitGTK+: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201706-15
(WebKitGTK+: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in WebKitGTK+. Please
      review the CVE identifiers referenced below for details.
  
Impact :

    A remote attack can use multiple vectors to execute arbitrary code or
      cause a denial of service condition.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201706-15"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All WebKitGTK+ users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.16.3:4'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:webkit-gtk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"net-libs/webkit-gtk", unaffected:make_list("ge 2.16.3"), vulnerable:make_list("lt 2.16.3"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "WebKitGTK+");
}