CVE-2019-1351 - Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
Tags: network, low complexity, microsoft, opensuse, CWE-706, nessus

Summary

A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'.

Vulnerable Configurations

Part          Description   Count
Application   Microsoft     136
OS            Opensuse      1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging/Manipulating Configuration File Search Paths
    This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program, like a path variable or classpath. J2EE applications and other component-based applications that are built from multiple binaries can have a very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker, then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources, then the user can unwittingly execute commands on the attacker's behalf: This is a form of usurping control of the program, and the attack can be done on the classpath, database resources, or any other resources built from compound parts. Detecting and blocking this attack at runtime is nearly impossible, because the configuration allows execution.
  • DLL Search Order Hijacking
    The attacker exploits the functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories (e.g., System32). Exploitation of this preferential search order can allow an attacker to make the loading process load the attackers' rogue DLL rather than the legitimate DLL. For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers' malware is guaranteed to execute. This attack can be leveraged with many different DLLs and with many different loading processes. No forensic trails are left in the system's registry or file system that an incorrect DLL had been loaded.
  • Passing Local Filenames to Functions That Expect a URL
    This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-1CEC196E20.NASL
    description: Per the upstream release announcement¹, this release fixes
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132639
    published: 2020-01-06
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132639
    title: Fedora 30 : git (2019-1cec196e20)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-1cec196e20.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132639);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/08");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604");
      script_xref(name:"FEDORA", value:"2019-1cec196e20");
    
      script_name(english:"Fedora 30 : git (2019-1cec196e20)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Per the upstream release announcement¹, this release fixes
    'various security flaws, which allowed an attacker to overwrite
    arbitrary paths, remotely execute code, and/or overwrite files in the
    .git/ directory etc. See the release notes attached for the list for
    their descriptions and CVE identifiers.'
    
    Refer to the 2.14.6 release notes² for details on these
    vulnerabilities.
    
    ¹
    https://lore.kernel.org/git/[email protected]
    / ²
    https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.14.6.txt
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-1cec196e20"
      );
      # https://lore.kernel.org/git/[email protected]/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d05d9ca8"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"git-2.21.1-1.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-202003-30.NASL
    description: The remote host is affected by the vulnerability described in GLSA-202003-30 (Git: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory. Workaround : There is no known workaround at this time.
    last seen: 2020-03-24
    modified: 2020-03-16
    plugin id: 134607
    published: 2020-03-16
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134607
    title: GLSA-202003-30 : Git: Multiple vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 202003-30.
    #
    # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134607);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/23");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604");
      script_xref(name:"GLSA", value:"202003-30");
    
      script_name(english:"GLSA-202003-30 : Git: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-202003-30
    (Git: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Git. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        An attacker could possibly overwrite arbitrary paths, execute arbitrary
          code, and overwrite files in the .git directory.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/202003-30"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Git 2.21.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.21.1'
        All Git 2.23.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.23.1-r1'
        All Git 2.24.x users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=dev-vcs/git-2.24.1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"dev-vcs/git", unaffected:make_list("rge 2.21.1", "rge 2.23.1-r1", "rge 2.24.1"), vulnerable:make_list("lt 2.24.1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Git");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-1121-1.NASL
    description: This update for git fixes the following issues : Security issues fixed : CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper to providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client to send credential information for a wrong host to the attacker
    last seen: 2020-05-06
    modified: 2020-04-29
    plugin id: 136074
    published: 2020-04-29
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136074
    title: SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:1121-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136074);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id("CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issues fixed :
    
    CVE-2020-11008: Specially crafted URLs may have tricked the
    credentials helper to providing credential information that is not
    appropriate for the protocol in use and host being contacted
    (bsc#1169936)
    
    git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)
    
    Fix git-daemon not starting after conversion from sysvinit to systemd
    service (bsc#1169605).
    
    CVE-2020-5260: Specially crafted URLs with newline characters could
    have been used to make the Git client to send credential information
    for a wrong host to the attacker's site bsc#1168930
    
    git 2.26.0 (bsc#1167890, jsc#SLE-11608) :
    
    'git rebase' now uses a different backend that is based on the 'merge'
    machinery by default. The 'rebase.backend' configuration variable
    reverts to old behaviour when set to 'apply'
    
    Improved handling of sparse checkouts
    
    Improvements to many commands and internal features
    
    git 2.25.2 :
    
    bug fixes to various subcommands in specific operations
    
    git 2.25.1 :
    
    'git commit' now honors advise.statusHints
    
    various updates, bug fixes and documentation updates
    
    git 2.25.0
    
    The branch description ('git branch --edit-description') has been used
    to fill the body of the cover letters by the format-patch command;
    this has been enhanced so that the subject can also be filled.
    
    A few commands learned to take the pathspec from the standard input or
    a named file, instead of taking it as the command line arguments, with
    the '--pathspec-from-file' option.
    
    Test updates to prepare for SHA-2 transition continues.
    
    Redo 'git name-rev' to avoid recursive calls.
    
    When all files from some subdirectory were renamed to the root
    directory, the directory rename heuristics would fail to detect that
    as a rename/merge of the subdirectory to the root directory, which has
    been corrected.
    
    HTTP transport had possible allocator/deallocator mismatch, which has
    been corrected.
    
    git 2.24.1 :
    
    CVE-2019-1348: The --export-marks option of fast-import is exposed
    also via the in-stream command feature export-marks=... and it allows
    overwriting arbitrary paths (bsc#1158785)
    
    CVE-2019-1349: on Windows, when submodules are cloned recursively,
    under certain circumstances Git could be fooled into using the same
    Git directory twice (bsc#1158787)
    
    CVE-2019-1350: Incorrect quoting of command-line arguments allowed
    remote code execution during a recursive clone in conjunction with SSH
    URLs (bsc#1158788)
    
    CVE-2019-1351: on Windows mistakes drive letters outside of the
    US-English alphabet as relative paths (bsc#1158789)
    
    CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams
    (bsc#1158790)
    
    CVE-2019-1353: when run in the Windows Subsystem for Linux while
    accessing a working directory on a regular Windows drive, none of the
    NTFS protections were active (bsc#1158791)
    
    CVE-2019-1354: on Windows refuses to write tracked files with
    filenames that contain backslashes (bsc#1158792)
    
    CVE-2019-1387: Recursive clones vulnerability that is caused by
    too-lax validation of submodule names, allowing very targeted attacks
    via remote code execution in recursive clones (bsc#1158793)
    
    CVE-2019-19604: a recursive clone followed by a submodule update could
    execute code contained within the repository without the user
    explicitly having asked for that (bsc#1158795)
    
    git 2.24.0
    
    The command line parser learned '--end-of-options' notation.
    
    A mechanism to affect the default setting for a (related) group of
    configuration variables is introduced.
    
    'git fetch' learned '--set-upstream' option to help those who first
    clone from their private fork they intend to push to, add the true
    upstream via 'git remote add' and then 'git fetch' from it.
    
    fixes and improvements to UI, workflow and features, bash completion
    fixes
    
    git 2.23.0 :
    
    The '--base' option of 'format-patch' computed the patch-ids for
    prerequisite patches in an unstable way, which has been updated to
    compute in a way that is compatible with 'git patch-id
    
    --stable'.
    
    The 'git log' command by default behaves as if the --mailmap option
    was given.
    
    fixes and improvements to UI, workflow and features
    
    git 2.22.1
    
    A relative pathname given to 'git init --template=<path> <repo>' ought
    to be relative to the directory 'git init' gets invoked in, but it
    instead was made relative to the repository, which has been corrected.
    
    'git worktree add' used to fail when another worktree connected to the
    same repository was corrupt, which has been corrected.
    
    'git am -i --resolved' segfaulted after trying to see a commit as if
    it were a tree, which has been corrected.
    
    'git merge --squash' is designed to update the working tree and the
    index without creating the commit, and this cannot be countermanded by
    adding the '--commit' option; the command now refuses to work when
    both options are given.
    
    Update to Unicode 12.1 width table.
    
    'git request-pull' learned to warn when the ref we ask them to pull
    from in the local repository and in the published repository are
    different.
    
    'git fetch' into a lazy clone forgot to fetch base objects that are
    necessary to complete delta in a thin packfile, which has been
    corrected.
    
    The URL decoding code has been updated to avoid going past the end of
    the string while parsing %-<hex>-<hex> sequence.
    
    'git clean' silently skipped a path when it cannot lstat() it; now it
    gives a warning.
    
    'git rm' to resolve a conflicted path leaked an internal message
    'needs merge' before actually removing the path, which was confusing.
    This has been corrected.
    
    Many more bugfixes and code cleanups.
    
    removal of SuSEfirewall2 service, since SuSEfirewall2 has been
    replaced by firewalld.
    
    partial fix for git instaweb giving 500 error (bsc#1112230)
    
    git 2.22.0
    
    The filter specification '--filter=sparse:path=<path>' used to create
    a lazy/partial clone has been removed. Using a blob that is part of
    the project as sparse specification is still supported with the
    '--filter=sparse:oid=<blob>' option
    
    'git checkout --no-overlay' can be used to trigger a new mode of
    checking out paths out of the tree-ish, that allows paths that match
    the pathspec that are in the current index and working tree and are
    not in the tree-ish.
    
    Four new configuration variables {author,committer}.{name,email} have
    been introduced to override user.{name,email} in more specific cases.
    
    'git branch' learned a new subcommand '--show-current'.
    
    The command line completion (in contrib/) has been taught to complete
    more subcommand parameters.
    
    The completion helper code now pays attention to repository-local
    configuration (when available), which allows --list-cmds to honour a
    repository specific setting of completion.commands, for example.
    
    The list of conflicted paths shown in the editor while concluding a
    conflicted merge was shown above the scissors line when the clean-up
    mode is set to 'scissors', even though it was commented out just like
    the list of updated paths and other information to help the user
    explain the merge better.
    
    'git rebase' that was reimplemented in C did not set ORIG_HEAD
    correctly, which has been corrected.
    
    'git worktree add' used to do a 'find an available name with stat and
    then mkdir', which is race-prone. This has been fixed by using mkdir
    and reacting to EEXIST in a loop.
    
    Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy
    DocBook 4.5 format.
    
    update git-web AppArmor profile for bash and tar usrMerge
    (bsc#1132350)
    
    git 2.21.0
    
    Historically, the '-m' (mainline) option can only be used for 'git
    cherry-pick' and 'git revert' when working with a merge commit. This
    version of Git no longer warns or errors out when working with a
    single-parent commit, as long as the argument to the '-m' option is 1
    (i.e. it has only one parent, and the request is to pick or revert
    relative to that first parent). Scripts that relied on the behaviour
    may get broken with this change.
    
    Small fixes and features for fast-export and fast-import.
    
    The 'http.version' configuration variable can be used with recent
    enough versions of cURL library to force the version of HTTP used to
    talk when fetching and pushing.
    
    'git push $there $src:$dst' rejects when $dst is not a fully qualified
    refname and it is not clear what the end user meant.
    
    Update 'git multimail' from the upstream.
    
    A new date format '--date=human' that morphs its output depending on
    how far the time is from the current time has been introduced.
    '--date=auto:human' can be used to use this new format (or any
    existing format) when the output is going to the pager or to the
    terminal, and otherwise the default format.
    
    Fix worktree creation race (bsc#1114225).
    
    add shadow build dependency to the -daemon subpackage.
    
    git 2.20.1 :
    
    portability fixes
    
    'git help -a' did not work well when an overly long alias was defined
    
    no longer squelched an error message when the run_command API failed
    to run a missing command
    
    git 2.20.0
    
    'git help -a' now gives verbose output (same as 'git help -av'). Those
    who want the old output may say 'git help --no-verbose -a'..
    
    'git send-email' learned to grab address-looking string on any trailer
    whose name ends with '-by'.
    
    'git format-patch' learned new '--interdiff' and '--range-diff'
    options to explain the difference between this version and the
    previous attempt in the cover letter (or after the three-dashes as a
    comment).
    
    Developer builds now use -Wunused-function compilation option.
    
    Fix a bug in which the same path could be registered under multiple
    worktree entries if the path was missing (for instance, was removed
    manually). Also, as a convenience, expand the number of cases in which
    
    --force is applicable.
    
    The overly large Documentation/config.txt file have been split into
    million little pieces. This potentially allows each individual piece
    to be included into the manual page of the command it affects more
    easily.
    
    Malformed or crafted data in packstream can make our code attempt to
    read or write past the allocated buffer and abort, instead of
    reporting an error, which has been fixed.
    
    Fix for a long-standing bug that leaves the index file corrupt when it
    shrinks during a partial commit.
    
    'git merge' and 'git pull' that merges into an unborn branch used to
    completely ignore '--verify-signatures', which has been corrected.
    
    ...and much more features and fixes
    
    git 2.19.2 :
    
    various bug fixes for multiple subcommands and operations
    
    git 2.19.1 :
    
    CVE-2018-17456: Specially crafted .gitmodules files may have allowed
    arbitrary code execution when the repository is cloned with
    
    --recurse-submodules (bsc#1110949)
    
    git 2.19.0 :
    
    'git diff' compares the index and the working tree. For paths added
    with intent-to-add bit, the command shows the full contents of them as
    added, but the paths themselves were not marked as new files. They are
    now shown as new by default.
    
    'git apply' learned the '--intent-to-add' option so that an otherwise
    working-tree-only application of a patch will add new paths to the
    index marked with the 'intent-to-add' bit.
    
    'git grep' learned the '--column' option that gives not just the line
    number but the column number of the hit.
    
    The '-l' option in 'git branch -l' is an unfortunate short-hand for
    '--create-reflog', but many users, both old and new, somehow expect it
    to be something else, perhaps '--list'. This step warns when '-l' is
    used as a short-hand for '--create-reflog' and warns about the future
    repurposing of the it when it is used.
    
    The userdiff pattern for .php has been updated.
    
    The content-transfer-encoding of the message 'git send-email' sends
    out by default was 8bit, which can cause trouble when there is an
    overlong line to bust RFC 5322/2822 limit. A new option 'auto' to
    automatically switch to quoted-printable when there is such a line in
    the payload has been introduced and is made the default.
    
    'git checkout' and 'git worktree add' learned to honor
    checkout.defaultRemote when auto-vivifying a local branch out of a
    remote tracking branch in a repository with multiple remotes that have
    tracking branches that share the same names. (merge 8d7b558bae
    ab/checkout-default-remote later to maint).
    
    'git grep' learned the '--only-matching' option.
    
    'git rebase --rebase-merges' mode now handles octopus merges as well.
    
    Add a server-side knob to skip commits in exponential/fibbonacci
    stride in an attempt to cover wider swath of history with a smaller
    number of iterations, potentially accepting a larger packfile
    transfer, instead of going back one commit a time during common
    ancestor discovery during the 'git fetch' transaction. (merge
    42cc7485a2 jt/fetch-negotiator-skipping later to maint).
    
    A new configuration variable core.usereplacerefs has been added,
    primarily to help server installations that want to ignore the replace
    mechanism altogether.
    
    Teach 'git tag -s' etc. a few configuration variables (gpg.format that
    can be set to 'openpgp' or 'x509', and gpg.<format>.program that is
    used to specify what program to use to deal with the format) to allow
    x.509 certs with CMS via 'gpgsm' to be used instead of openpgp via
    'gnupg'.
    
    Many more strings are prepared for l10n.
    
    'git p4 submit' learns to ask its own pre-submit hook if it should
    continue with submitting.
    
    The test performed at the receiving end of 'git push' to prevent bad
    objects from entering repository can be customized via receive.fsck.*
    configuration variables; we now have gained a counterpart to do the
    same on the 'git fetch' side, with fetch.fsck.* configuration
    variables.
    
    'git pull --rebase=interactive' learned 'i' as a short-hand for
    'interactive'.
    
    'git instaweb' has been adjusted to run better with newer Apache on
    RedHat based distros.
    
    'git range-diff' is a reimplementation of 'git tbdiff' that lets us
    compare individual patches in two iterations of a topic.
    
    The sideband code learned to optionally paint selected keywords at the
    beginning of incoming lines on the receiving end.
    
    'git branch --list' learned to take the default sort order from the
    'branch.sort' configuration variable, just like 'git tag --list' pays
    attention to 'tag.sort'.
    
    'git worktree' command learned '--quiet' option to make it less
    verbose.
    
    git 2.18.0 :
    
    improvements to rename detection logic
    
    When built with more recent cURL, GIT_SSL_VERSION can now specify
    'tlsv1.3' as its value.
    
    'git mergetools' learned talking to guiffy.
    
    various other workflow improvements and fixes
    
    performance improvements and other developer visible fixes
    
    git 2.17.1
    
    Submodule 'names' come from the untrusted .gitmodules file, but we
    blindly append them to $GIT_DIR/modules to create our on-disk repo
    paths. This means you can do bad things by putting '../' into the
    name. We now enforce some rules for submodule names which will cause
    Git to ignore these malicious names (CVE-2018-11235, bsc#1095219)
    
    It was possible to trick the code that sanity-checks paths on NTFS
    into reading a random piece of memory (CVE-2018-11233, bsc#1095218)
    
    Support on the server side to reject pushes to repositories that
    attempt to create such problematic .gitmodules file etc. as tracked
    contents, to help hosting sites protect their customers by preventing
    malicious contents from spreading.
    
    git 2.17.0 :
    
    'diff' family of commands learned '--find-object=<object-id>' option
    to limit the findings to changes that involve the named object.
    
    'git format-patch' learned to give 72-cols to diffstat, which is
    consistent with other line length limits the subcommand uses for its
    output meant for e-mails.
    
    The log from 'git daemon' can be redirected with a new option; one
    relevant use case is to send the log to standard error (instead of
    syslog) when running it from inetd.
    
    'git rebase' learned to take '--allow-empty-message' option.
    
    'git am' has learned the '--quit' option, in addition to the existing
    '--abort' option; having the pair mirrors a few other commands like
    'rebase' and 'cherry-pick'.
    
    'git worktree add' learned to run the post-checkout hook, just like
    'git clone' runs it upon the initial checkout.
    
    'git tag' learned an explicit '--edit' option that allows the message
    given via '-m' and '-F' to be further edited.
    
    'git fetch --prune-tags' may be used as a handy short-hand for getting
    rid of stale tags that are locally held.
    
    The new '--show-current-patch' option gives an end-user facing way to
    get the diff being applied when 'git rebase' (and 'git am') stops with
    a conflict.
    
    'git add -p' used to offer '/' (look for a matching hunk) as a choice,
    even when there was only one hunk, which has been corrected. Also the
    single-key help is now given only for keys that are enabled (e.g. help
    for '/' won't be shown when there is only one hunk).
    
    Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e. even when the
    side branch being merged is a descendant of the current commit, create
    a merge commit instead of fast-forwarding) when merging a tag object.
    This was an appropriate default for integrators who pull signed tags from
    their downstream contributors, but caused unnecessary merges when
    used by downstream contributors who habitually 'catch up' their topic
    branches with tagged releases from the upstream. Update 'git merge' to
    default to --no-ff only when merging a tag object that does *not* sit
    at its usual place in refs/tags/ hierarchy, and allow fast-forwarding
    otherwise, to mitigate the problem.
    
    'git status' can spend a lot of cycles to compute the relation between
    the current branch and its upstream, which can now be disabled with
    '--no-ahead-behind' option.
    
    'git diff' and friends learned funcname patterns for Go language
    source files.
    
    'git send-email' learned '--reply-to=<address>' option.
    
    Funcname pattern used for C# now recognizes 'async' keyword.
    
    In a way similar to how 'git tag' learned to honor the pager setting
    only in the list mode, 'git config' learned to ignore the pager
    setting when it is used for setting values (i.e. when the purpose of
    the operation is not to 'show').
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1095218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1095219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1114225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132350"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1156651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1167890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1168930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1169605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1169786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1169936"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15298/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-11233/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-11235/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-17456/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1348/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1349/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1350/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1351/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1352/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1353/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1354/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1387/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19604/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-11008/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-5260/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20201121-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?47879213"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1 :
    
    zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1121=1
    
    SUSE Linux Enterprise Module for Development Tools 15-SP1 :
    
    zypper in -t patch
    SUSE-SLE-Module-Development-Tools-15-SP1-2020-1121=1
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-1121=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gitk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-p4-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-arch-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-cvs-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-email-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-gui-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-web-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"gitk-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-core-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-core-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-p4-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-arch-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-cvs-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-email-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-gui-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-web-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"gitk-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.26.1-3.25.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.26.1-3.25.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-598.NASL
    description: This update for git fixes the following issues : Security issues fixed : - CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper into providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936) git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792) - Fix git-daemon not starting after conversion from sysvinit to systemd service (bsc#1169605). - CVE-2020-5260: Specially crafted URLs with newline characters could have been used to make the Git client send credential information for a wrong host to the attacker
    last seen: 2020-05-08
    modified: 2020-05-04
    plugin id: 136311
    published: 2020-05-04
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136311
    title: openSUSE Security Update : git (openSUSE-2020-598)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-598.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136311);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id("CVE-2017-15298", "CVE-2018-11233", "CVE-2018-11235", "CVE-2018-17456", "CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604", "CVE-2020-11008", "CVE-2020-5260");
    
      script_name(english:"openSUSE Security Update : git (openSUSE-2020-598)");
      script_summary(english:"Check for the openSUSE-2020-598 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2020-11008: Specially crafted URLs may have tricked
        the credentials helper into providing credential
        information that is not appropriate for the protocol in
        use and host being contacted (bsc#1169936)
    
    git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)
    
      - Fix git-daemon not starting after conversion from
        sysvinit to systemd service (bsc#1169605).
    
      - CVE-2020-5260: Specially crafted URLs with newline
        characters could have been used to make the Git client
        send credential information for a wrong host to the
        attacker's site (bsc#1168930)
    
    git 2.26.0 (bsc#1167890, jsc#SLE-11608) :
    
      - 'git rebase' now uses a different backend that is based
        on the 'merge' machinery by default. The
        'rebase.backend' configuration variable reverts to old
        behaviour when set to 'apply'
    
      - Improved handling of sparse checkouts
    
      - Improvements to many commands and internal features
    
    git 2.25.2 :
    
      - bug fixes to various subcommands in specific operations
    
    git 2.25.1 :
    
      - 'git commit' now honors advise.statusHints
    
      - various updates, bug fixes and documentation updates
    
    git 2.25.0
    
      - The branch description ('git branch --edit-description')
        has been used to fill the body of the cover letters by
        the format-patch command; this has been enhanced so that
        the subject can also be filled.
    
      - A few commands learned to take the pathspec from the
        standard input or a named file, instead of taking it as
        the command line arguments, with the
        '--pathspec-from-file' option.
    
      - Test updates to prepare for SHA-2 transition continues.
    
      - Redo 'git name-rev' to avoid recursive calls.
    
      - When all files from some subdirectory were renamed to
        the root directory, the directory rename heuristics
        would fail to detect that as a rename/merge of the
        subdirectory to the root directory, which has been
        corrected.
    
      - HTTP transport had possible allocator/deallocator
        mismatch, which has been corrected.
    
    git 2.24.1 :
    
      - CVE-2019-1348: The --export-marks option of fast-import
        is exposed also via the in-stream command feature
        export-marks=... and it allows overwriting arbitrary
        paths (bsc#1158785)
    
      - CVE-2019-1349: on Windows, when submodules are cloned
        recursively, under certain circumstances Git could be
        fooled into using the same Git directory twice
        (bsc#1158787)
    
      - CVE-2019-1350: Incorrect quoting of command-line
        arguments allowed remote code execution during a
        recursive clone in conjunction with SSH URLs
        (bsc#1158788)
    
      - CVE-2019-1351: on Windows mistakes drive letters outside
        of the US-English alphabet as relative paths
        (bsc#1158789)
    
      - CVE-2019-1352: on Windows was unaware of NTFS Alternate
        Data Streams (bsc#1158790)
    
      - CVE-2019-1353: when run in the Windows Subsystem for
        Linux while accessing a working directory on a regular
        Windows drive, none of the NTFS protections were active
        (bsc#1158791)
    
      - CVE-2019-1354: on Windows refuses to write tracked files
        with filenames that contain backslashes (bsc#1158792)
    
      - CVE-2019-1387: Recursive clones vulnerability that is
        caused by too-lax validation of submodule names,
        allowing very targeted attacks via remote code execution
        in recursive clones (bsc#1158793)
    
      - CVE-2019-19604: a recursive clone followed by a
        submodule update could execute code contained within the
        repository without the user explicitly having asked for
        that (bsc#1158795)
    
    git 2.24.0
    
      - The command line parser learned '--end-of-options'
        notation.
    
      - A mechanism to affect the default setting for a
        (related) group of configuration variables is
        introduced.
    
      - 'git fetch' learned '--set-upstream' option to help
        those who first clone from their private fork they
        intend to push to, add the true upstream via 'git remote
        add' and then 'git fetch' from it.
    
      - fixes and improvements to UI, workflow and features,
        bash completion fixes
    
    git 2.23.0 :
    
      - The '--base' option of 'format-patch' computed the
        patch-ids for prerequisite patches in an unstable way,
        which has been updated to compute in a way that is
        compatible with 'git patch-id --stable'.
    
      - The 'git log' command by default behaves as if the
        --mailmap option was given.
    
      - fixes and improvements to UI, workflow and features
    
    git 2.22.1
    
      - A relative pathname given to 'git init --template=<path>
        <repo>' ought to be relative to the directory 'git init'
        gets invoked in, but it instead was made relative to the
        repository, which has been corrected.
    
      - 'git worktree add' used to fail when another worktree
        connected to the same repository was corrupt, which has
        been corrected.
    
      - 'git am -i --resolved' segfaulted after trying to see a
        commit as if it were a tree, which has been corrected.
    
      - 'git merge --squash' is designed to update the working
        tree and the index without creating the commit, and this
        cannot be countermanded by adding the '--commit' option;
        the command now refuses to work when both options are
        given.
    
      - Update to Unicode 12.1 width table.
    
      - 'git request-pull' learned to warn when the ref we ask
        them to pull from in the local repository and in the
        published repository are different.
    
      - 'git fetch' into a lazy clone forgot to fetch base
        objects that are necessary to complete delta in a thin
        packfile, which has been corrected.
    
      - The URL decoding code has been updated to avoid going
        past the end of the string while parsing %-<hex>-<hex>
        sequence.
    
      - 'git clean' silently skipped a path when it cannot
        lstat() it; now it gives a warning.
    
      - 'git rm' to resolve a conflicted path leaked an internal
        message 'needs merge' before actually removing the path,
        which was confusing. This has been corrected.
    
      - Many more bugfixes and code cleanups.
    
      - removal of SuSEfirewall2 service, since SuSEfirewall2
        has been replaced by firewalld.
    
      - partial fix for git instaweb giving 500 error
        (bsc#1112230)
    
    git 2.22.0 
    
      - The filter specification '--filter=sparse:path=<path>'
        used to create a lazy/partial clone has been removed.
        Using a blob that is part of the project as sparse
        specification is still supported with the
        '--filter=sparse:oid=<blob>' option
    
      - 'git checkout --no-overlay' can be used to trigger a new
        mode of checking out paths out of the tree-ish, that
        allows paths that match the pathspec that are in the
        current index and working tree and are not in the
        tree-ish.
    
      - Four new configuration variables
        (author,committer).(name,email) have been introduced to
        override user.(name,email) in more specific cases.
    
      - 'git branch' learned a new subcommand '--show-current'.
    
      - The command line completion (in contrib/) has been
        taught to complete more subcommand parameters.
    
      - The completion helper code now pays attention to
        repository-local configuration (when available), which
        allows --list-cmds to honour a repository specific
        setting of completion.commands, for example.
    
      - The list of conflicted paths shown in the editor while
        concluding a conflicted merge was shown above the
        scissors line when the clean-up mode is set to
        'scissors', even though it was commented out just like
        the list of updated paths and other information to help
        the user explain the merge better.
    
      - 'git rebase' that was reimplemented in C did not set
        ORIG_HEAD correctly, which has been corrected.
    
      - 'git worktree add' used to do a 'find an available name
        with stat and then mkdir', which is race-prone. This has
        been fixed by using mkdir and reacting to EEXIST in a
        loop. 
    
      - Move to DocBook 5.x. Asciidoctor 2.x no longer supports
        the legacy DocBook 4.5 format.
    
      - update git-web AppArmor profile for bash and tar
        usrMerge (bsc#1132350)
    
    git 2.21.0
    
      - Historically, the '-m' (mainline) option can only be
        used for 'git cherry-pick' and 'git revert' when working
        with a merge commit. This version of Git no longer warns
        or errors out when working with a single-parent commit,
        as long as the argument to the '-m' option is 1 (i.e. it
        has only one parent, and the request is to pick or
        revert relative to that first parent). Scripts that
        relied on the behaviour may get broken with this change.
    
      - Small fixes and features for fast-export and
        fast-import.
    
      - The 'http.version' configuration variable can be used
        with recent enough versions of cURL library to force the
        version of HTTP used to talk when fetching and pushing.
    
      - 'git push $there $src:$dst' rejects when $dst is not a
        fully qualified refname and it is not clear what the end
        user meant.
    
      - Update 'git multimail' from the upstream.
    
      - A new date format '--date=human' that morphs its output
        depending on how far the time is from the current time
        has been introduced. '--date=auto:human' can be used to
        use this new format (or any existing format) when the
        output is going to the pager or to the terminal, and
        otherwise the default format.
    
      - Fix worktree creation race (bsc#1114225).
    
      - add shadow build dependency to the -daemon subpackage.
    
    git 2.20.1 :
    
      - portability fixes
    
      - 'git help -a' did not work well when an overly long
        alias was defined
    
      - no longer squelched an error message when the
        run_command API failed to run a missing command
    
    git 2.20.0
    
      - 'git help -a' now gives verbose output (same as 'git
        help -av'). Those who want the old output may say 'git
        help --no-verbose -a'.
    
      - 'git send-email' learned to grab address-looking string
        on any trailer whose name ends with '-by'.
    
      - 'git format-patch' learned new '--interdiff' and
        '--range-diff' options to explain the difference between
        this version and the previous attempt in the cover
        letter (or after the three-dashes as a comment).
    
      - Developer builds now use -Wunused-function compilation
        option.
    
      - Fix a bug in which the same path could be registered
        under multiple worktree entries if the path was missing
        (for instance, was removed manually). Also, as a
        convenience, expand the number of cases in which --force
        is applicable.
    
      - The overly large Documentation/config.txt file has been
        split into a million little pieces. This potentially
        allows each individual piece to be included into the
        manual page of the command it affects more easily.
    
      - Malformed or crafted data in packstream can make our
        code attempt to read or write past the allocated buffer
        and abort, instead of reporting an error, which has been
        fixed.
    
      - Fix for a long-standing bug that leaves the index file
        corrupt when it shrinks during a partial commit.
    
      - 'git merge' and 'git pull' that merges into an unborn
        branch used to completely ignore '--verify-signatures',
        which has been corrected.
    
      - ...and much more features and fixes
    
    git 2.19.2 :
    
      - various bug fixes for multiple subcommands and
        operations
    
    git 2.19.1 :
    
      - CVE-2018-17456: Specially crafted .gitmodules files may
        have allowed arbitrary code execution when the
        repository is cloned with --recurse-submodules
        (bsc#1110949)
    
    git 2.19.0 :
    
      - 'git diff' compares the index and the working tree. For
        paths added with intent-to-add bit, the command shows
        the full contents of them as added, but the paths
        themselves were not marked as new files. They are now
        shown as new by default.
    
      - 'git apply' learned the '--intent-to-add' option so that
        an otherwise working-tree-only application of a patch
        will add new paths to the index marked with the
        'intent-to-add' bit.
    
      - 'git grep' learned the '--column' option that gives not
        just the line number but the column number of the hit.
    
      - The '-l' option in 'git branch -l' is an unfortunate
        short-hand for '--create-reflog', but many users, both
        old and new, somehow expect it to be something else,
        perhaps '--list'. This step warns when '-l' is used as a
        short-hand for '--create-reflog' and warns about the
        future repurposing of it when it is used.
    
      - The userdiff pattern for .php has been updated.
    
      - The content-transfer-encoding of the message 'git
        send-email' sends out by default was 8bit, which can
        cause trouble when there is an overlong line to bust RFC
        5322/2822 limit. A new option 'auto' to automatically
        switch to quoted-printable when there is such a line in
        the payload has been introduced and is made the default.
    
      - 'git checkout' and 'git worktree add' learned to honor
        checkout.defaultRemote when auto-vivifying a local
        branch out of a remote tracking branch in a repository
        with multiple remotes that have tracking branches that
        share the same names. (merge 8d7b558bae
        ab/checkout-default-remote later to maint).
    
      - 'git grep' learned the '--only-matching' option.
    
      - 'git rebase --rebase-merges' mode now handles octopus
        merges as well.
    
      - Add a server-side knob to skip commits in
        exponential/Fibonacci stride in an attempt to cover
        wider swath of history with a smaller number of
        iterations, potentially accepting a larger packfile
        transfer, instead of going back one commit a time during
        common ancestor discovery during the 'git fetch'
        transaction. (merge 42cc7485a2
        jt/fetch-negotiator-skipping later to maint).
    
      - A new configuration variable core.usereplacerefs has
        been added, primarily to help server installations that
        want to ignore the replace mechanism altogether.
    
      - Teach 'git tag -s' etc. a few configuration variables
        (gpg.format that can be set to 'openpgp' or 'x509', and
        gpg.<format>.program that is used to specify what
        program to use to deal with the format) to allow x.509
        certs with CMS via 'gpgsm' to be used instead of openpgp
        via 'gnupg'.
    
      - Many more strings are prepared for l10n.
    
      - 'git p4 submit' learns to ask its own pre-submit hook if
        it should continue with submitting.
    
      - The test performed at the receiving end of 'git push' to
        prevent bad objects from entering repository can be
        customized via receive.fsck.* configuration variables;
        we now have gained a counterpart to do the same on the
        'git fetch' side, with fetch.fsck.* configuration
        variables.
    
      - 'git pull --rebase=interactive' learned 'i' as a
        short-hand for 'interactive'.
    
      - 'git instaweb' has been adjusted to run better with
        newer Apache on RedHat based distros.
    
      - 'git range-diff' is a reimplementation of 'git tbdiff'
        that lets us compare individual patches in two
        iterations of a topic.
    
      - The sideband code learned to optionally paint selected
        keywords at the beginning of incoming lines on the
        receiving end.
    
      - 'git branch --list' learned to take the default sort
        order from the 'branch.sort' configuration variable,
        just like 'git tag --list' pays attention to 'tag.sort'.
    
      - 'git worktree' command learned '--quiet' option to make
        it less verbose.
    
    git 2.18.0 :
    
      - improvements to rename detection logic
    
      - When built with more recent cURL, GIT_SSL_VERSION can
        now specify 'tlsv1.3' as its value.
    
      - 'git mergetools' learned talking to guiffy.
    
      - various other workflow improvements and fixes
    
      - performance improvements and other developer visible
        fixes
    
    git 2.17.1
    
      - Submodule 'names' come from the untrusted .gitmodules
        file, but we blindly append them to $GIT_DIR/modules to
        create our on-disk repo paths. This means you can do bad
        things by putting '../' into the name. We now enforce
        some rules for submodule names which will cause Git to
        ignore these malicious names (CVE-2018-11235,
        bsc#1095219)
    
      - It was possible to trick the code that sanity-checks
        paths on NTFS into reading random piece of memory
        (CVE-2018-11233, bsc#1095218)
    
      - Support on the server side to reject pushes to
        repositories that attempt to create such problematic
        .gitmodules file etc. as tracked contents, to help
        hosting sites protect their customers by preventing
        malicious contents from spreading.
    
    git 2.17.0 :
    
      - 'diff' family of commands learned
        '--find-object=<object-id>' option to limit the findings
        to changes that involve the named object.
    
      - 'git format-patch' learned to give 72-cols to diffstat,
        which is consistent with other line length limits the
        subcommand uses for its output meant for e-mails.
    
      - The log from 'git daemon' can be redirected with a new
        option; one relevant use case is to send the log to
        standard error (instead of syslog) when running it from
        inetd.
    
      - 'git rebase' learned to take '--allow-empty-message'
        option.
    
      - 'git am' has learned the '--quit' option, in addition to
        the existing '--abort' option; having the pair mirrors a
        few other commands like 'rebase' and 'cherry-pick'.
    
      - 'git worktree add' learned to run the post-checkout
        hook, just like 'git clone' runs it upon the initial
        checkout.
    
      - 'git tag' learned an explicit '--edit' option that
        allows the message given via '-m' and '-F' to be further
        edited.
    
      - 'git fetch --prune-tags' may be used as a handy
        short-hand for getting rid of stale tags that are
        locally held.
    
      - The new '--show-current-patch' option gives an end-user
        facing way to get the diff being applied when 'git
        rebase' (and 'git am') stops with a conflict.
    
      - 'git add -p' used to offer '/' (look for a matching
        hunk) as a choice, even there was only one hunk, which
        has been corrected. Also the single-key help is now
        given only for keys that are enabled (e.g. help for '/'
        won't be shown when there is only one hunk).
    
      - Since Git 1.7.9, 'git merge' defaulted to --no-ff (i.e.
        even when the side branch being merged is a descendant
        of the current commit, create a merge commit instead of
        fast-forwarding) when merging a tag object. This was
        appropriate default for integrators who pull signed tags
        from their downstream contributors, but caused an
        unnecessary merges when used by downstream contributors
        who habitually 'catch up' their topic branches with
        tagged releases from the upstream. Update 'git merge' to
        default to --no-ff only when merging a tag object that
        does *not* sit at its usual place in refs/tags/
        hierarchy, and allow fast-forwarding otherwise, to
        mitigate the problem.
    
      - 'git status' can spend a lot of cycles to compute the
        relation between the current branch and its upstream,
        which can now be disabled with '--no-ahead-behind'
        option.
    
      - 'git diff' and friends learned funcname patterns for Go
        language source files.
    
      - 'git send-email' learned '--reply-to=<address>' option.
    
      - Funcname pattern used for C# now recognizes 'async'
        keyword.
    
      - In a way similar to how 'git tag' learned to honor the
        pager setting only in the list mode, 'git config'
        learned to ignore the pager setting when it is used for
        setting values (i.e. when the purpose of the operation
        is not to 'show').
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095218"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095219"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1114225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1132350"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1167890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1168930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1169936"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Malicious Git HTTP Server For CVE-2018-17456');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gitk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"git-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-arch-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-core-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-core-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-gnome-keyring-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-gnome-keyring-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-libsecret-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-libsecret-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-cvs-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-daemon-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-daemon-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-debugsource-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-email-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-gui-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-p4-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-svn-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-svn-debuginfo-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-web-2.26.1-lp151.4.9.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"gitk-2.26.1-lp151.4.9.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git / git-arch / git-core / git-core-debuginfo / etc");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1537.NASL
    description: According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a
    last seen: 2020-05-08
    modified: 2020-05-01
    plugin id: 136240
    published: 2020-05-01
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136240
    title: EulerOS Virtualization for ARM 64 3.0.2.0 : git (EulerOS-SA-2020-1537)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136240);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2019-1348",
        "CVE-2019-1349",
        "CVE-2019-1350",
        "CVE-2019-1351",
        "CVE-2019-1352",
        "CVE-2019-1353",
        "CVE-2019-1354",
        "CVE-2019-1387",
        "CVE-2019-19604",
        "CVE-2020-5260"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : git (EulerOS-SA-2020-1537)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the git packages installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerabilities :
    
      - Arbitrary command execution is possible in Git before
        2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2,
        2.23.x before 2.23.1, and 2.24.x before 2.24.1 because
        a 'git submodule update' operation can run commands
        found in the .gitmodules file of a malicious
        repository.(CVE-2019-19604)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. Recursive clones are
        currently affected by a vulnerability that is caused by
        too-lax validation of submodule names, allowing very
        targeted attacks via remote code execution in recursive
        clones.(CVE-2019-1387)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1350, CVE-2019-1352,
        CVE-2019-1387.(CVE-2019-1354)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. When running Git in the
        Windows Subsystem for Linux (also known as 'WSL') while
        accessing a working directory on a regular Windows
        drive, none of the NTFS protections were
        active.(CVE-2019-1353)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1350, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1352)
    
      - A tampering vulnerability exists when Git for Visual
        Studio improperly handles virtual drive paths, aka 'Git
        for Visual Studio Tampering
        Vulnerability'.(CVE-2019-1351)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1352, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1350)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1350,
        CVE-2019-1352, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1349)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. The --export-marks
        option of git fast-import is exposed also via the
        in-stream command feature export-marks=... and it
        allows overwriting arbitrary paths.(CVE-2019-1348)
    
      - Affected versions of Git have a vulnerability whereby
        Git can be tricked into sending private credentials to
        a host controlled by an attacker. Git uses external
        'credential helper' programs to store and retrieve
        passwords or other credentials from secure storage
        provided by the operating system. Specially-crafted
        URLs that contain an encoded newline can inject
        unintended values into the credential helper protocol
        stream, causing the credential helper to retrieve the
        password for one server (e.g., good.example.com) for an
        HTTP request being made to another server (e.g.,
        evil.example.com), resulting in credentials for the
        former being sent to the latter. There are no
        restrictions on the relationship between the two,
        meaning that an attacker can craft a URL that will
        present stored credentials for any host to a host of
        their choosing. The vulnerability can be triggered by
        feeding a malicious URL to git clone. However, the
        affected URLs look rather suspicious; the likely vector
        would be through systems which automatically clone URLs
        not visible to the user, such as Git submodules, or
        package systems built around Git. The problem has been
        patched in the versions published on April 14th, 2020,
        going back to v2.17.x. Anyone wishing to backport the
        change further can do so by applying commit 9a6bbee
        (the full release includes extra checks for git fsck,
        but that commit is sufficient to protect clients
        against the vulnerability). The patched versions are:
        2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2,
        2.24.2, 2.25.3, 2.26.1.(CVE-2020-5260)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1537
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b998afa8");
      script_set_attribute(attribute:"solution", value:
    "Update the affected git packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["git-2.19.1-1.h8",
            "git-core-2.19.1-1.h8",
            "git-core-doc-2.19.1-1.h8",
            "perl-Git-2.19.1-1.h8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4220-1.NASL
    description: Joern Schneeweisz and Nicolas Joly discovered that Git contained various security flaws. An attacker could possibly use these issues to overwrite arbitrary paths, execute arbitrary code, and overwrite files in the .git directory. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132015
    published: 2019-12-12
    reporter: Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132015
    title: Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : git vulnerabilities (USN-4220-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-4220-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132015);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604");
      script_xref(name:"USN", value:"4220-1");
    
      script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : git vulnerabilities (USN-4220-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Joern Schneeweisz and Nicolas Joly discovered that Git contained
    various security flaws. An attacker could possibly use these issues to
    overwrite arbitrary paths, execute arbitrary code, and overwrite files
    in the .git directory.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/4220-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04|18\.04|19\.04|19\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 19.04 / 19.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"git", pkgver:"1:2.7.4-0ubuntu1.7")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"git", pkgver:"1:2.17.1-1ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"19.04", pkgname:"git", pkgver:"1:2.20.1-2ubuntu1.19.04.1")) flag++;
    if (ubuntu_check(osver:"19.10", pkgname:"git", pkgver:"1:2.20.1-2ubuntu1.19.10.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2019-1325.NASL
    description: The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.(CVE-2019-1348) When submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice. We now require the directory to be empty.(CVE-2019-1349) Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs. (CVE-2019-1350) While the only permitted drive letters for physical drives on Windows are letters of the US-English alphabet, this restriction does not apply to virtual drives. Git mistook such paths for relative paths, allowing writing outside of the worktree while cloning. (CVE-2019-13510) Git was unaware of NTFS Alternate Data Streams, allowing files inside the .git/ directory to be overwritten during a clone.(CVE-2019-1352) When running Git in the Windows Subsystem for Linux (also known as
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132026
    published: 2019-12-13
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132026
    title: Amazon Linux AMI : git (ALAS-2019-1325)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2019-1325.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132026);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/30");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387");
      script_xref(name:"ALAS", value:"2019-1325");
    
      script_name(english:"Amazon Linux AMI : git (ALAS-2019-1325)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The --export-marks option of git fast-import is exposed also via the
    in-stream command feature export-marks=... and it allows overwriting
    arbitrary paths.(CVE-2019-1348)
    
    When submodules are cloned recursively, under certain circumstances
    Git could be fooled into using the same Git directory twice. We now
    require the directory to be empty.(CVE-2019-1349)
    
    Incorrect quoting of command-line arguments allowed remote code
    execution during a recursive clone in conjunction with SSH URLs.
    (CVE-2019-1350)
    
    While the only permitted drive letters for physical drives on Windows
    are letters of the US-English alphabet, this restriction does not
    apply to virtual drives. Git mistook such paths for relative paths,
    allowing writing outside of the worktree while cloning.
    (CVE-2019-13510)
    
    Git was unaware of NTFS Alternate Data Streams, allowing files inside
    the .git/ directory to be overwritten during a clone.(CVE-2019-1352)
    
    When running Git in the Windows Subsystem for Linux (also known as
    'WSL') while accessing a working directory on a regular Windows drive,
    none of the NTFS protections were active. (CVE-2019-1353)
    
    Filenames on Linux/Unix can contain backslashes. On Windows,
    backslashes are directory separators. Git did not use to refuse to
    write out tracked files with such filenames.(CVE-2019-1354)
    
    Recursive clones are currently affected by a vulnerability that is
    caused by too-lax validation of submodule names, allowing very
    targeted attacks via remote code execution in recursive
    clones.(CVE-2019-1387)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2019-1325.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update git' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1354");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:emacs-git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:emacs-git-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-bzr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-hg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gitweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git-SVN");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"emacs-git-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"emacs-git-el-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-all-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-bzr-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-cvs-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-daemon-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-debuginfo-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-email-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-hg-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-p4-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"git-svn-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"gitweb-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perl-Git-2.14.6-1.61.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perl-Git-SVN-2.14.6-1.61.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc");
    }
    
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2019-1371.NASL
    description: Git mistakes some paths for relative paths allowing writing outside of the worktree while cloning (CVE-2019-1351) NTFS protections inactive when running Git in the Windows Subsystem for Linux (CVE-2019-1353) remote code execution in recursive clones with nested submodules (CVE-2019-1387) Arbitrary path overwriting via export-marks command option (CVE-2019-1348) Files inside the .git directory may be overwritten during cloning via NTFS Alternate Data Streams (CVE-2019-1352) recursive submodule cloning allows using git directory twice with synonymous directory name written in .git/ (CVE-2019-1349) Incorrect quoting of command-line arguments allowed remote code execution during a recursive clone (CVE-2019-1350) Git does not refuse to write out tracked files with backslashes in filenames (CVE-2019-1354) Recursive clone followed by a submodule update could execute code contained within repository without the user explicitly consent Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a
    last seen: 2020-03-26
    modified: 2019-12-19
    plugin id: 132259
    published: 2019-12-19
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132259
    title: Amazon Linux 2 : git (ALAS-2019-1371)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1371.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132259);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/26");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604");
      script_xref(name:"ALAS", value:"2019-1371");
    
      script_name(english:"Amazon Linux 2 : git (ALAS-2019-1371)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Git mistakes some paths for relative paths allowing writing outside of
    the worktree while cloning (CVE-2019-1351)
    
    NTFS protections inactive when running Git in the Windows Subsystem
    for Linux (CVE-2019-1353)
    
    remote code execution in recursive clones with nested submodules
    (CVE-2019-1387)
    
    Arbitrary path overwriting via export-marks command option
    (CVE-2019-1348)
    
    Files inside the .git directory may be overwritten during cloning via
    NTFS Alternate Data Streams (CVE-2019-1352)
    
    recursive submodule cloning allows using git directory twice with
    synonymous directory name written in .git/ (CVE-2019-1349)
    
    Incorrect quoting of command-line arguments allowed remote code
    execution during a recursive clone (CVE-2019-1350)
    
    Git does not refuse to write out tracked files with backslashes in
    filenames (CVE-2019-1354)
    
    Recursive clone followed by a submodule update could execute code
    contained within repository without the user explicitly consent
    Arbitrary command execution is possible in Git before 2.20.2, 2.21.x
    before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x
    before 2.24.1 because a 'git submodule update' operation can run
    commands found in the .gitmodules file of a malicious
    repository.(CVE-2019-19604)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1371.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update git' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-core-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-instaweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-subtree");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gitk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gitweb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Git-SVN");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", reference:"git-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-all-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-core-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-core-doc-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-cvs-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-daemon-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-debuginfo-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-email-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-gui-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-instaweb-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-p4-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-subtree-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"git-svn-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"gitk-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"gitweb-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"perl-Git-2.23.1-1.amzn2.0.1")) flag++;
    if (rpm_check(release:"AL2", reference:"perl-Git-SVN-2.23.1-1.amzn2.0.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git / git-all / git-core / git-core-doc / git-cvs / git-daemon / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-9C3D054F39.NASL
    description: This is a security release fixing the following issues : - CVE-2019-1348: the fast-import stream command
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132084
    published: 2019-12-17
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132084
    title: Fedora 31 : libgit2 (2019-9c3d054f39)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-9c3d054f39.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132084);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/30");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387");
      script_xref(name:"FEDORA", value:"2019-9c3d054f39");
    
      script_name(english:"Fedora 31 : libgit2 (2019-9c3d054f39)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This is a security release fixing the following issues :
    
      - CVE-2019-1348: the fast-import stream command 'feature
        export-marks=path' allows writing to arbitrary file
        paths. As libgit2 does not offer any interface for
        fast-import, it is not susceptible to this
        vulnerability.
    
      - CVE-2019-1349: by using NTFS 8.3 short names,
        backslashes or alternate filesystreams, it is possible
        to cause submodules to be written into pre-existing
        directories during a recursive clone using git. As
        libgit2 rejects cloning into non-empty directories by
        default, it is not susceptible to this vulnerability.
    
      - CVE-2019-1350: recursive clones may lead to arbitrary
        remote code executing due to improper quoting of command
        line arguments. As libgit2 uses libssh2, which does not
        require us to perform command line parsing, it is not
        susceptible to this vulnerability.
    
      - CVE-2019-1351: Windows provides the ability to
        substitute drive letters with arbitrary letters,
        including multi-byte Unicode letters. To fix any
        potential issues arising from interpreting such paths as
        relative paths, we have extended detection of DOS drive
        prefixes to accommodate for such cases.
    
      - CVE-2019-1352: by using NTFS-style alternative file
        streams for the '.git' directory, it is possible to
        overwrite parts of the repository. While this has been
        fixed in the past for Windows, the same vulnerability
        may also exist on other systems that write to NTFS
        filesystems. We now reject any paths starting with
        '.git:' on all systems.
    
      - CVE-2019-1353: by using NTFS-style 8.3 short names, it
        was possible to write to the '.git' directory and thus
        overwrite parts of the repository, leading to possible
        remote code execution. While this problem was already
        fixed in the past for Windows, other systems accessing
        NTFS filesystems are vulnerable to this issue too. We
        now enable NTFS protections by default on all systems to
        fix this attack vector.
    
      - CVE-2019-1354: on Windows, backslashes are not a valid
        part of a filename but are instead interpreted as
        directory separators. As other platforms allowed to use
        such paths, it was possible to write such invalid
        entries into a Git repository and was thus an attack
        vector to write into the '.git' directory. We now reject
        any entries starting with '.git' on all systems.
    
      - CVE-2019-1387: it is possible to let a submodule's git
        directory point into a sibling's submodule directory,
        which may result in overwriting parts of the Git
        repository and thus lead to arbitrary command execution.
        As libgit2 doesn't provide any way to do submodule
        clones natively, it is not susceptible to this
        vulnerability. Users of libgit2 that have implemented
        recursive submodule clones manually are encouraged to
        review their implementation for this vulnerability.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-9c3d054f39"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libgit2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1354");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libgit2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC31", reference:"libgit2-0.28.4-1.fc31")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgit2");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1361.NASL
    description: According to the versions of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a
    last seen: 2020-04-07
    modified: 2020-04-02
    plugin id: 135148
    published: 2020-04-02
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135148
    title: EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2020-1361)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(135148);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06");
    
      script_cve_id(
        "CVE-2019-1348",
        "CVE-2019-1349",
        "CVE-2019-1350",
        "CVE-2019-1351",
        "CVE-2019-1352",
        "CVE-2019-1353",
        "CVE-2019-1354",
        "CVE-2019-1387",
        "CVE-2019-19604"
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2020-1361)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the git packages installed, the EulerOS
    Virtualization for ARM 64 installation on the remote host is affected
    by the following vulnerabilities :
    
      - Arbitrary command execution is possible in Git before
        2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2,
        2.23.x before 2.23.1, and 2.24.x before 2.24.1 because
        a 'git submodule update' operation can run commands
        found in the .gitmodules file of a malicious
        repository.(CVE-2019-19604)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. Recursive clones are
        currently affected by a vulnerability that is caused by
        too-lax validation of submodule names, allowing very
        targeted attacks via remote code execution in recursive
        clones.(CVE-2019-1387)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1350, CVE-2019-1352,
        CVE-2019-1387.(CVE-2019-1354)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. When running Git in the
        Windows Subsystem for Linux (also known as 'WSL') while
        accessing a working directory on a regular Windows
        drive, none of the NTFS protections were
        active.(CVE-2019-1353)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1350, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1352)
    
      - A tampering vulnerability exists when Git for Visual
        Studio improperly handles virtual drive paths, aka 'Git
        for Visual Studio Tampering
        Vulnerability'.(CVE-2019-1351)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1352, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1350)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1350,
        CVE-2019-1352, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1349)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. The --export-marks
        option of git fast-import is exposed also via the
        in-stream command feature export-marks=... and it
        allows overwriting arbitrary paths.(CVE-2019-1348)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1361
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9b0c1065");
      script_set_attribute(attribute:"solution", value:
    "Update the affected git packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["git-2.19.1-1.h5.eulerosv2r8",
            "git-core-2.19.1-1.h5.eulerosv2r8",
            "git-core-doc-2.19.1-1.h5.eulerosv2r8",
            "perl-Git-2.19.1-1.h5.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0045-1.NASL
    description: This update for git fixes the following issues : Security issues fixed : CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787). CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795). CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793). CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792). CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791). CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790). CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789). CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788). CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785). Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023) Bug fixes: Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132745
    published: 2020-01-09
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132745
    title: SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:0045-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0045-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132745);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/13");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:0045-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-1349: Fixed issue on Windows, when submodules are cloned
    recursively, under certain circumstances Git could be fooled into
    using the same Git directory twice (bsc#1158787).
    
    CVE-2019-19604: Fixed a recursive clone followed by a submodule update
    could execute code contained within the repository without the user
    explicitly having asked for that (bsc#1158795).
    
    CVE-2019-1387: Fixed recursive clones that are currently affected by a
    vulnerability that is caused by too-lax validation of submodule names,
    allowing very targeted attacks via remote code execution in recursive
    clones (bsc#1158793).
    
    CVE-2019-1354: Fixed issue on Windows that refuses to write tracked
    files with filenames that contain backslashes (bsc#1158792).
    
    CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux
    while accessing a working directory on a regular Windows drive, none
    of the NTFS protections were active (bsc#1158791).
    
    CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate
    Data Streams (bsc#1158790).
    
    CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside
    of the US-English alphabet as relative paths (bsc#1158789).
    
    CVE-2019-1350: Fixed incorrect quoting of command-line arguments
    allowed remote code execution during a recursive clone in conjunction
    with SSH URLs (bsc#1158788).
    
    CVE-2019-1348: Fixed the --export-marks option of fast-import is
    exposed also via the in-stream command feature export-marks=... and it
    allows overwriting arbitrary paths (bsc#1158785).
    
    Fixes an issue where git send-email failed to authenticate with SMTP
    server (bsc#1082023)
    
    Bug fixes: Add zlib dependency, which used to be provided by
    openssl-devel, so that package can compile successfully after openssl
    upgrade to 1.1.1. (bsc#1149792).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082023"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1348/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1349/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1350/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1351/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1352/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1353/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1354/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1387/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19604/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200045-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e867966f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15-SP1:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-45=1
    
    SUSE Linux Enterprise Module for Open Buildservice Development Tools
    15:zypper in -t patch
    SUSE-SLE-Module-Development-Tools-OBS-15-2020-45=1
    
    SUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t
    patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-45=1
    
    SUSE Linux Enterprise Module for Development Tools 15:zypper in -t
    patch SUSE-SLE-Module-Development-Tools-15-2020-45=1
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-SP1-2020-45=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2020-45=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-gnome-keyring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-credential-libsecret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-svn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gitk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-p4-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-arch-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-cvs-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-daemon-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-email-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-gui-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-svn-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-web-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"gitk-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-core-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-core-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-gnome-keyring-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-libsecret-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-credential-libsecret-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-p4-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-arch-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-cvs-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-daemon-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-daemon-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-email-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-gui-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-svn-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-svn-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-web-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"gitk-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-core-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-core-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-credential-libsecret-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-p4-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-arch-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-cvs-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-daemon-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-email-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-gui-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-svn-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-web-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"gitk-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-core-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-gnome-keyring-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-libsecret-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-credential-libsecret-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-p4-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-arch-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-cvs-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-daemon-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-daemon-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-email-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-gui-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-svn-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-svn-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-web-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"gitk-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-core-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-core-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debuginfo-2.16.4-3.17.2")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"git-debugsource-2.16.4-3.17.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-123.NASL
    description: This update for git fixes the following issues :
      Security issues fixed :
      - CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).
      - CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).
      - CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).
      - CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).
      - CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).
      - CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).
      - CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).
      - CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).
      - CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).
      - Fixes an issue where git send-email failed to authenticate with SMTP server (bsc#1082023)
      Bug fixes :
      - Add zlib dependency, which used to be provided by openssl-devel, so that package can compile successfully after openssl upgrade to 1.1.1. (bsc#1149792).
      This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133344
    published: 2020-01-30
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133344
    title: openSUSE Security Update : git (openSUSE-2020-123)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-123.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133344);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/03");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604");
    
      script_name(english:"openSUSE Security Update : git (openSUSE-2020-123)");
      script_summary(english:"Check for the openSUSE-2020-123 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2019-1349: Fixed issue on Windows, when submodules
        are cloned recursively, under certain circumstances Git
        could be fooled into using the same Git directory twice
        (bsc#1158787).
    
      - CVE-2019-19604: Fixed a recursive clone followed by a
        submodule update could execute code contained within the
        repository without the user explicitly having asked for
        that (bsc#1158795).
    
      - CVE-2019-1387: Fixed recursive clones that are currently
        affected by a vulnerability that is caused by too-lax
        validation of submodule names, allowing very targeted
        attacks via remote code execution in recursive clones
        (bsc#1158793).
    
      - CVE-2019-1354: Fixed issue on Windows that refuses to
        write tracked files with filenames that contain
        backslashes (bsc#1158792).
    
      - CVE-2019-1353: Fixed issue when run in the Windows
        Subsystem for Linux while accessing a working directory
        on a regular Windows drive, none of the NTFS protections
        were active (bsc#1158791).
    
      - CVE-2019-1352: Fixed issue on Windows was unaware of
        NTFS Alternate Data Streams (bsc#1158790).
    
      - CVE-2019-1351: Fixed issue on Windows mistakes drive
        letters outside of the US-English alphabet as relative
        paths (bsc#1158789).
    
      - CVE-2019-1350: Fixed incorrect quoting of command-line
        arguments allowed remote code execution during a
        recursive clone in conjunction with SSH URLs
        (bsc#1158788).
    
      - CVE-2019-1348: Fixed the --export-marks option of
        fast-import is exposed also via the in-stream command
        feature export-marks=... and it allows overwriting
        arbitrary paths (bsc#1158785).
    
      - Fixes an issue where git send-email failed to
        authenticate with SMTP server (bsc#1082023)
    
    Bug fixes :
    
      - Add zlib dependency, which used to be provided by
        openssl-devel, so that package can compile successfully
        after openssl upgrade to 1.1.1. (bsc#1149792).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1082023"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1158795"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-arch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-gnome-keyring-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-credential-libsecret-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-cvs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-daemon-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-email");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-p4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-svn-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:git-web");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gitk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Authen-SASL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Net-SMTP-SSL");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.1", reference:"git-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-arch-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-core-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-core-debuginfo-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-gnome-keyring-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-gnome-keyring-debuginfo-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-libsecret-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-credential-libsecret-debuginfo-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-cvs-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-daemon-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-daemon-debuginfo-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-debuginfo-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-debugsource-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-email-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-gui-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-p4-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-svn-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-svn-debuginfo-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"git-web-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"gitk-2.16.4-lp151.4.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"perl-Authen-SASL-2.16-lp151.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.1", reference:"perl-Net-SMTP-SSL-1.04-lp151.3.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git / git-arch / git-core / git-core-debuginfo / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2019-C841BCC3B9.NASL
    description: Per the upstream release announcement¹, this release fixes
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132119
    published: 2019-12-18
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132119
    title: Fedora 31 : git (2019-c841bcc3b9)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-c841bcc3b9.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132119);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/20");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604");
      script_xref(name:"FEDORA", value:"2019-c841bcc3b9");
    
      script_name(english:"Fedora 31 : git (2019-c841bcc3b9)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Per the upstream release announcement&sup1;, this release fixes
    'various security flaws, which allowed an attacker to overwrite
    arbitrary paths, remotely execute code, and/or overwrite files in the
    .git/ directory etc. See the release notes attached for the list for
    their descriptions and CVE identifiers.'
    
    Refer to the 2.14.6 release notes&sup2; for details on these
    vulnerabilities and the 2.24.0 release notes&sup3; for details on
    other improvements and fixes since 2.23.0.
    
    &sup1;
    https://lore.kernel.org/git/[email protected]
    / &sup2;
    https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.14.6.txt
    &sup3;
    https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.24.0.txt
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c841bcc3b9"
      );
      # https://lore.kernel.org/git/[email protected]/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d05d9ca8"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kernel.org/pub/software/scm/git/docs/RelNotes/2.14.6.txt"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected git package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC31", reference:"git-2.24.1-1.fc31")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-3311-1.NASL
    description: This update for git fixes the following issues :
      Security issues fixed :
      CVE-2019-1349: Fixed issue on Windows, when submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice (bsc#1158787).
      CVE-2019-19604: Fixed a recursive clone followed by a submodule update could execute code contained within the repository without the user explicitly having asked for that (bsc#1158795).
      CVE-2019-1387: Fixed recursive clones that are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones (bsc#1158793).
      CVE-2019-1354: Fixed issue on Windows that refuses to write tracked files with filenames that contain backslashes (bsc#1158792).
      CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux while accessing a working directory on a regular Windows drive, none of the NTFS protections were active (bsc#1158791).
      CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate Data Streams (bsc#1158790).
      CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside of the US-English alphabet as relative paths (bsc#1158789).
      CVE-2019-1350: Fixed incorrect quoting of command-line arguments allowed remote code execution during a recursive clone in conjunction with SSH URLs (bsc#1158788).
      CVE-2019-1348: Fixed the --export-marks option of fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths (bsc#1158785).
      Fixed an issue where git send-email fails to authenticate with SMTP server (bsc#1082023)
      Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132093
    published: 2019-12-17
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132093
    title: SUSE SLES12 Security Update : git (SUSE-SU-2019:3311-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:3311-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132093);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/19");
    
      script_cve_id("CVE-2019-1348", "CVE-2019-1349", "CVE-2019-1350", "CVE-2019-1351", "CVE-2019-1352", "CVE-2019-1353", "CVE-2019-1354", "CVE-2019-1387", "CVE-2019-19604");
    
      script_name(english:"SUSE SLES12 Security Update : git (SUSE-SU-2019:3311-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for git fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-1349: Fixed issue on Windows, when submodules are cloned
    recursively, under certain circumstances Git could be fooled into
    using the same Git directory twice (bsc#1158787).
    
    CVE-2019-19604: Fixed a recursive clone followed by a submodule update
    could execute code contained within the repository without the user
    explicitly having asked for that (bsc#1158795).
    
    CVE-2019-1387: Fixed recursive clones that are currently affected by a
    vulnerability that is caused by too-lax validation of submodule names,
    allowing very targeted attacks via remote code execution in recursive
    clones (bsc#1158793).
    
    CVE-2019-1354: Fixed issue on Windows that refuses to write tracked
    files with filenames that contain backslashes (bsc#1158792).
    
    CVE-2019-1353: Fixed issue when run in the Windows Subsystem for Linux
    while accessing a working directory on a regular Windows drive, none
    of the NTFS protections were active (bsc#1158791).
    
    CVE-2019-1352: Fixed issue on Windows was unaware of NTFS Alternate
    Data Streams (bsc#1158790).
    
    CVE-2019-1351: Fixed issue on Windows mistakes drive letters outside
    of the US-English alphabet as relative paths (bsc#1158789).
    
    CVE-2019-1350: Fixed incorrect quoting of command-line arguments
    allowed remote code execution during a recursive clone in conjunction
    with SSH URLs (bsc#1158788).
    
    CVE-2019-1348: Fixed the --export-marks option of fast-import is
    exposed also via the in-stream command feature export-marks=... and it
    allows overwriting arbitrary paths (bsc#1158785).
    
    Fixed an issue where git send-email fails to authenticate with SMTP
    server (bsc#1082023)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1082023"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158789"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1158795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1348/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1349/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1350/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1351/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1352/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1353/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1354/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-1387/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-19604/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20193311-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?38eca510"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 8:zypper in -t patch
    SUSE-OpenStack-Cloud-8-2019-3311=1
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-3311=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP5:zypper in -t
    patch SUSE-SLE-SDK-12-SP5-2019-3311=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
    patch SUSE-SLE-SDK-12-SP4-2019-3311=1
    
    SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
    SUSE-SLE-SAP-12-SP3-2019-3311=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-3311=1
    
    SUSE Linux Enterprise Server 12-SP5:zypper in -t patch
    SUSE-SLE-SERVER-12-SP5-2019-3311=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-3311=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-3311=1
    
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-BCL-2019-3311=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-3311=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-3311=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-3311=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-3311=1
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    HPE Helion Openstack 8:zypper in -t patch
    HPE-Helion-OpenStack-8-2019-3311=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-core-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:git-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4/5", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"git-core-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"git-core-debuginfo-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"git-debugsource-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"git-core-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"git-core-debuginfo-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"git-debugsource-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"git-core-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"git-core-debuginfo-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"git-debugsource-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"git-core-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"git-core-debuginfo-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"git-debugsource-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"git-core-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"git-core-debuginfo-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"git-debugsource-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"git-core-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"git-core-debuginfo-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"git-debugsource-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"git-core-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"git-core-debuginfo-2.12.3-27.22.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"git-debugsource-2.12.3-27.22.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1151.NASL
    description: According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths.(CVE-2019-1348) - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka
    last seen: 2020-05-03
    modified: 2020-02-25
    plugin id: 133985
    published: 2020-02-25
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133985
    title: EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1151)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133985);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2019-1348",
        "CVE-2019-1349",
        "CVE-2019-1350",
        "CVE-2019-1351",
        "CVE-2019-1352",
        "CVE-2019-1353",
        "CVE-2019-1354",
        "CVE-2019-1387",
        "CVE-2019-19604"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : git (EulerOS-SA-2020-1151)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the git packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. The --export-marks
        option of git fast-import is exposed also via the
        in-stream command feature export-marks=... and it
        allows overwriting arbitrary paths.(CVE-2019-1348)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1350,
        CVE-2019-1352, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1349)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1352, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1350)
    
      - A tampering vulnerability exists when Git for Visual
        Studio improperly handles virtual drive paths, aka 'Git
        for Visual Studio Tampering
        Vulnerability'.(CVE-2019-1351)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1350, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1352)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. When running Git in the
        Windows Subsystem for Linux (also known as 'WSL') while
        accessing a working directory on a regular Windows
        drive, none of the NTFS protections were
        active.(CVE-2019-1353)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1350, CVE-2019-1352,
        CVE-2019-1387.(CVE-2019-1354)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. Recursive clones are
        currently affected by a vulnerability that is caused by
        too-lax validation of submodule names, allowing very
        targeted attacks via remote code execution in recursive
        clones.(CVE-2019-1387)
    
      - Arbitrary command execution is possible in Git before
        2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2,
        2.23.x before 2.23.1, and 2.24.x before 2.24.1 because
        a 'git submodule update' operation can run commands
        found in the .gitmodules file of a malicious
        repository.(CVE-2019-19604)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1151
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6f8a663c");
      script_set_attribute(attribute:"solution", value:
    "Update the affected git packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["git-2.19.1-1.h5.eulerosv2r8",
            "git-core-2.19.1-1.h5.eulerosv2r8",
            "git-core-doc-2.19.1-1.h5.eulerosv2r8",
            "perl-Git-2.19.1-1.h5.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS19_DEC_VISUAL_STUDIO.NASL
    description: The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities : - A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. (CVE-2019-1351) - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387) - A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host. An attacker who successfully exploited this vulnerability could cause a connected guest
    last seen: 2020-03-18
    modified: 2019-12-10
    plugin id: 131939
    published: 2019-12-10
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/131939
    title: Security Updates for Microsoft Visual Studio Products (December 2019)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were  
    # extracted from the Microsoft Security Updates API. The text
    # itself is copyright (C) Microsoft Corporation.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(131939);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/13");
    
      script_cve_id(
        "CVE-2019-1349",
        "CVE-2019-1350",
        "CVE-2019-1351",
        "CVE-2019-1352",
        "CVE-2019-1354",
        "CVE-2019-1387",
        "CVE-2019-1486"
      );
    
      script_name(english:"Security Updates for Microsoft Visual Studio Products (December 2019)");
      script_summary(english:"Checks for Microsoft security updates.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The Microsoft Visual Studio Products are affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The Microsoft Visual Studio Products are missing security
    updates. It is, therefore, affected by multiple
    vulnerabilities :
    
      - A tampering vulnerability exists when Git for Visual
        Studio improperly handles virtual drive paths. An
        attacker who successfully exploited this vulnerability
        could write arbitrary files and directories to certain
        locations on a vulnerable system. However, an attacker
        would have limited control over the destination of the
        files and directories.  (CVE-2019-1351)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input. An
        attacker who successfully exploited this vulnerability
        could take control of an affected system. An attacker
        could then install programs; view, change, or delete
        data; or create new accounts with full user rights.
        Users whose accounts are configured to have fewer user
        rights on the system could be less impacted than users
        who operate with administrative user rights.
        (CVE-2019-1349, CVE-2019-1350, CVE-2019-1352,
        CVE-2019-1354, CVE-2019-1387)
    
      - A spoofing vulnerability exists in Visual Studio Live
        Share when a guest connected to a Live Share session is
        redirected to an arbitrary URL specified by the session
        host. An attacker who successfully exploited this
        vulnerability could cause a connected guest's computer
        to open a browser and navigate to a URL without consent
        from the guest.  (CVE-2019-1486)");
      # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#-visual-studio-2017-version-15918-
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?12d98124");
      # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#--visual-studio-2019-version-1641-
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?08e082ad");
      # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.0#--visual-studio-2019-version-16010-
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b4bf32ac");
      script_set_attribute(attribute:"solution", value:
    "Microsoft has released Visual Studio 2017 15.9.18, Visual Studio 2019 16.0.19,
    and Visual Studio 2019 16.4.1 to address this issue.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1354");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visual_studio");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows : Microsoft Bulletins");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ms_bulletin_checks_possible.nasl", "microsoft_visual_studio_installed.nbin");
      script_require_keys("SMB/MS_Bulletin_Checks/Possible", "installed_sw/Microsoft Visual Studio");
      script_require_ports(139, 445, "Host/patch_management_checks");
    
      exit(0);
    }
    include('audit.inc');
    include('misc_func.inc');
    include('install_func.inc');
    include('global_settings.inc');
    include('smb_func.inc');
    include('smb_hotfixes.inc');
    include('smb_hotfixes_fcheck.inc');
    
    get_kb_item_or_exit('installed_sw/Microsoft Visual Studio');
    
    port = kb_smb_transport();
    appname = 'Microsoft Visual Studio';
    
    installs = get_installs(app_name:appname, exit_if_not_found:TRUE);
    
    report = '';
    
    foreach install (installs[1])
    {
      version = install['version'];
      path = install['path'];
      prod = install['Product'];
    
      fix = '';
    
      # VS 2017 version 15.9
      if (prod == '2017' && version =~ '^15\\.[0-9]\\.')
      {
        fix = '15.9.28307.960';
    
        if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
        {
          report +=
            '\n  Path              : ' + path +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : ' + fix +
            '\n';
        }
      }
      # VS 2019 Version 16.0
      else if (prod == '2019' && version =~ '^16\\.0\\.')
      {
        fix = '16.0.28803.631';
        if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
        {
          report +=
            '\n  Path              : ' + path +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : ' + fix +
            '\n';
        }
      }
      # VS 2019 Version 16.4
      else if (prod == '2019' && version =~ '^16\\.[1-4]\\.')
      {
        fix = '16.4.29609.76';
        if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
        {
          report +=
            '\n  Path              : ' + path +
            '\n  Installed version : ' + version +
            '\n  Fixed version     : ' + fix +
            '\n';
        }
      }
    }
    
    if (empty(report))
      audit(AUDIT_INST_VER_NOT_VULN, appname);
    
    security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2020-1101.NASL
    description: According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka
    last seen: 2020-05-06
    modified: 2020-02-24
    plugin id: 133902
    published: 2020-02-24
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133902
    title: EulerOS 2.0 SP5 : git (EulerOS-SA-2020-1101)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133902);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2019-1348",
        "CVE-2019-1349",
        "CVE-2019-1350",
        "CVE-2019-1351",
        "CVE-2019-1352",
        "CVE-2019-1353",
        "CVE-2019-1354",
        "CVE-2019-1387",
        "CVE-2019-19604"
      );
    
      script_name(english:"EulerOS 2.0 SP5 : git (EulerOS-SA-2020-1101)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the git packages installed, the EulerOS
    installation on the remote host is affected by the following
    vulnerabilities :
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1350, CVE-2019-1352,
        CVE-2019-1387.(CVE-2019-1354)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1350, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1352)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1350,
        CVE-2019-1352, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1349)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. Recursive clones are
        currently affected by a vulnerability that is caused by
        too-lax validation of submodule names, allowing very
        targeted attacks via remote code execution in recursive
        clones.(CVE-2019-1387)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. The --export-marks
        option of git fast-import is exposed also via the
        in-stream command feature export-marks=... and it
        allows overwriting arbitrary paths.(CVE-2019-1348)
    
      - Arbitrary command execution is possible in Git before
        2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2,
        2.23.x before 2.23.1, and 2.24.x before 2.24.1 because
        a 'git submodule update' operation can run commands
        found in the .gitmodules file of a malicious
        repository.(CVE-2019-19604)
    
      - A remote code execution vulnerability exists when Git
        for Visual Studio improperly sanitizes input, aka 'Git
        for Visual Studio Remote Code Execution Vulnerability'.
        This CVE ID is unique from CVE-2019-1349,
        CVE-2019-1352, CVE-2019-1354,
        CVE-2019-1387.(CVE-2019-1350)
    
      - A tampering vulnerability exists when Git for Visual
        Studio improperly handles virtual drive paths, aka 'Git
        for Visual Studio Tampering
        Vulnerability'.(CVE-2019-1351)
    
      - An issue was found in Git before v2.24.1, v2.23.1,
        v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3,
        v2.16.6, v2.15.4, and v2.14.6. When running Git in the
        Windows Subsystem for Linux (also known as 'WSL') while
        accessing a working directory on a regular Windows
        drive, none of the NTFS protections were
        active.(CVE-2019-1353)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1101
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ee0cf314");
      script_set_attribute(attribute:"solution", value:
    "Update the affected git packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19604");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["git-2.23.0-1.h4.eulerosv2r7",
            "git-core-2.23.0-1.h4.eulerosv2r7",
            "git-core-doc-2.23.0-1.h4.eulerosv2r7",
            "perl-Git-2.23.0-1.h4.eulerosv2r7"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0992-1.NASL
    description: This update for git fixes the following issues : Security issue fixed : CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host (bsc#1168930). Non-security issue fixed : git was updated to 2.26.0 for SHA256 support (bsc#1167890, jsc#SLE-11608): the xinetd snippet was removed the System V init script for the git-daemon was replaced by a systemd service file of the same name. git 2.26.0:
    last seen: 2020-04-30
    modified: 2020-04-15
    plugin id: 135580
    published: 2020-04-15
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135580
    title: SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)