Vulnerabilities > CVE-2019-16775 - UNIX Symbolic Link (Symlink) Following vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE

Summary

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option.

Vulnerable Configurations

Part Description Count
OS
Redhat
2
OS
Opensuse
1
OS
Fedoraproject
1
Application
Npmjs
631
Application
Oracle
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions via Symbolic Links
    This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to her. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file she will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0573.NASL
    descriptionAn update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.19.0). Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) * nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604) * nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606) * npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775) * npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776) * npm: Global node_modules Binary Overwrite (CVE-2019-16777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-21
    modified2020-02-25
    plugin id134028
    published2020-02-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134028
    titleRHEL 8 : nodejs:10 (RHSA-2020:0573)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:0573. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134028);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20");
    
      script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777");
      script_xref(name:"RHSA", value:"2020:0573");
    
      script_name(english:"RHEL 8 : nodejs:10 (RHSA-2020:0573)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for the nodejs:10 module is now available for Red Hat
    Enterprise Linux 8.0 Update Services for SAP Solutions.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Node.js is a software development platform for building fast and
    scalable network applications in the JavaScript programming language.
    
    The following packages have been upgraded to a later upstream version:
    nodejs (10.19.0).
    
    Security Fix(es) :
    
    * nodejs: HTTP request smuggling using malformed Transfer-Encoding
    header (CVE-2019-15605)
    
    * nodejs: Remotely trigger an assertion on a TLS server with a
    malformed certificate string (CVE-2019-15604)
    
    * nodejs: HTTP header values do not have trailing optional whitespace
    trimmed (CVE-2019-15606)
    
    * npm: Symlink reference outside of node_modules folder through the
    bin field upon installation (CVE-2019-16775)
    
    * npm: Arbitrary file write via constructed entry in the package.json
    bin field (CVE-2019-16776)
    
    * npm: Global node_modules Binary Overwrite (CVE-2019-16777)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16775"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16777"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15605");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:npm");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_e4s:8.0::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    module_ver = get_kb_item('Host/RedHat/appstream/nodejs');
    if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');
    if ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);
    
    appstreams = {
        'nodejs:10': [
          {'reference':'nodejs-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-debugsource-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-debugsource-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-debugsource-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-devel-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-devel-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-devel-10.19.0-1.module+el8.0.0+5738+1362a79c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-docs-10.19.0-1.module+el8.0.0+5738+1362a79c', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed', 'release':'8'},
          {'reference':'nodejs-packaging-17-3.module+el8+2873+aa7dfd9a', 'release':'8'},
          {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}
        ],
    };
    
    flag = 0;
    appstreams_found = 0;
    foreach module (keys(appstreams)) {
      appstream = NULL;
      appstream_name = NULL;
      appstream_version = NULL;
      appstream_split = split(module, sep:':', keep:FALSE);
      if (!empty_or_null(appstream_split)) {
        appstream_name = appstream_split[0];
        appstream_version = appstream_split[1];
        appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name);
      }
      if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
        appstreams_found++;
        foreach package_array ( appstreams[module] ) {
          reference = NULL;
          release = NULL;
          sp = NULL;
          cpu = NULL;
          el_string = NULL;
          rpm_spec_vers_cmp = NULL;
          epoch = NULL;
          if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
          if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
          if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
          if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
          if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
          if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
          if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
          if (reference && release) {
            if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
          }
        }
      }
    }
    
    if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debugsource / nodejs-devel / etc');
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0579.NASL
    descriptionAn update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.19.0). Security Fix(es) : * nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605) * nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604) * nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606) * npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775) * npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776) * npm: Global node_modules Binary Overwrite (CVE-2019-16777) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-21
    modified2020-02-26
    plugin id134062
    published2020-02-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134062
    titleRHEL 8 : nodejs:10 (RHSA-2020:0579)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:0579. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134062);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20");
    
      script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777");
      script_xref(name:"RHSA", value:"2020:0579");
    
      script_name(english:"RHEL 8 : nodejs:10 (RHSA-2020:0579)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An update for the nodejs:10 module is now available for Red Hat
    Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    Node.js is a software development platform for building fast and
    scalable network applications in the JavaScript programming language.
    
    The following packages have been upgraded to a later upstream version:
    nodejs (10.19.0).
    
    Security Fix(es) :
    
    * nodejs: HTTP request smuggling using malformed Transfer-Encoding
    header (CVE-2019-15605)
    
    * nodejs: Remotely trigger an assertion on a TLS server with a
    malformed certificate string (CVE-2019-15604)
    
    * nodejs: HTTP header values do not have trailing optional whitespace
    trimmed (CVE-2019-15606)
    
    * npm: Symlink reference outside of node_modules folder through the
    bin field upon installation (CVE-2019-16775)
    
    * npm: Arbitrary file write via constructed entry in the package.json
    bin field (CVE-2019-16776)
    
    * npm: Global node_modules Binary Overwrite (CVE-2019-16777)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15605"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-15606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16775"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-16777"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15605");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:npm");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    module_ver = get_kb_item('Host/RedHat/appstream/nodejs');
    if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');
    if ('10' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);
    
    appstreams = {
        'nodejs:10': [
          {'reference':'nodejs-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-debugsource-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-debugsource-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-debugsource-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-devel-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-devel-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-devel-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-docs-10.19.0-1.module+el8.1.0+5726+6ed65f8c', 'release':'8', 'epoch':'1'},
          {'reference':'nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed', 'release':'8'},
          {'reference':'nodejs-packaging-17-3.module+el8+2873+aa7dfd9a', 'release':'8'},
          {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
          {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
          {'reference':'npm-6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}
        ],
    };
    
    flag = 0;
    appstreams_found = 0;
    foreach module (keys(appstreams)) {
      appstream = NULL;
      appstream_name = NULL;
      appstream_version = NULL;
      appstream_split = split(module, sep:':', keep:FALSE);
      if (!empty_or_null(appstream_split)) {
        appstream_name = appstream_split[0];
        appstream_version = appstream_split[1];
        appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name);
      }
      if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
        appstreams_found++;
        foreach package_array ( appstreams[module] ) {
          reference = NULL;
          release = NULL;
          sp = NULL;
          cpu = NULL;
          el_string = NULL;
          rpm_spec_vers_cmp = NULL;
          epoch = NULL;
          if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
          if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
          if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
          if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
          if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
          if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
          if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
          if (reference && release) {
            if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
          }
        }
      }
    }
    
    if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:10');
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-debugsource / nodejs-devel / etc');
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2A3588B4AB1211EAA051001B217B3468.NASL
    descriptionNPM reports : Global node_modules Binary Overwrite Symlink reference outside of node_modules Arbitrary File Write
    last seen2020-06-12
    modified2020-06-11
    plugin id137343
    published2020-06-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137343
    titleFreeBSD : NPM -- Multiple vulnerabilities (2a3588b4-ab12-11ea-a051-001b217b3468)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2020 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137343);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/18");
    
      script_cve_id("CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777");
    
      script_name(english:"FreeBSD : NPM -- Multiple vulnerabilities (2a3588b4-ab12-11ea-a051-001b217b3468)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "NPM reports :
    
    Global node_modules Binary Overwrite
    
    Symlink reference outside of node_modules
    
    Arbitrary File Write"
      );
      # https://nodejs.org/en/blog/vulnerability/december-2019-security-releases/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?53038277"
      );
      # https://vuxml.freebsd.org/freebsd/2a3588b4-ab12-11ea-a051-001b217b3468.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0ac0f210"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16777");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:npm");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"npm<6.13.4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0063-1.NASL
    descriptionThis update for nodejs10 to version 10.18.0 fixes the following issues : Security issues fixed : CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via
    last seen2020-06-01
    modified2020-06-02
    plugin id132850
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132850
    titleSUSE SLES12 Security Update : nodejs10 (SUSE-SU-2020:0063-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0063-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132850);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777");
    
      script_name(english:"SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2020:0063-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for nodejs10 to version 10.18.0 fixes the following 
    issues :
    
    Security issues fixed :
    
    CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4,
    fixing an arbitrary path overwrite and access via 'bin' field
    (bsc#1159352).
    
    Added support for chacha20-poly1305 for Authenticated encryption
    (AEAD).
    
    Non-security issues fixed: Fix wrong path in gypi files (bsc#1159812)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16775/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16776/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16777/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200063-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?df609e29"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-12-2020-63=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16777");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:npm10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs10-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs10-debuginfo-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs10-debugsource-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs10-devel-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"npm10-10.18.0-1.15.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs10");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0429-1.NASL
    descriptionThis update for nodejs12 fixes the following issues : nodejs12 was updated to version 12.15.0. Security issues fixed : CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). CVE-2019-16775: Fixed an arbitrary file write vulnerability (bsc#1159352). CVE-2019-16776: Fixed an arbitrary file write vulnerability (bsc#1159352). CVE-2019-16777: Fixed an arbitrary file write vulnerability (bsc#1159352). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2020-02-24
    plugin id133947
    published2020-02-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133947
    titleSUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0429-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0429-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(133947);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/26");
    
      script_cve_id("CVE-2019-15604", "CVE-2019-15605", "CVE-2019-15606", "CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777");
    
      script_name(english:"SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0429-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for nodejs12 fixes the following issues :
    
    nodejs12 was updated to version 12.15.0.
    
    Security issues fixed :
    
    CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS
    server via a crafted certificate string (CVE-2019-15604, bsc#1163104).
    
    CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via
    malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102).
    
    CVE-2019-15606: Fixed the white space sanitation of HTTP headers
    (CVE-2019-15606, bsc#1163103).
    
    CVE-2019-16775: Fixed an arbitrary file write vulnerability
    (bsc#1159352).
    
    CVE-2019-16776: Fixed an arbitrary file write vulnerability
    (bsc#1159352).
    
    CVE-2019-16777: Fixed an arbitrary file write vulnerability
    (bsc#1159352).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1163102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1163103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1163104"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15604/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15605/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-15606/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16775/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16776/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16777/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200429-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?83e2950f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Web Scripting 12:zypper in -t patch
    SUSE-SLE-Module-Web-Scripting-12-2020-429=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs12-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:npm12");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-12.15.0-1.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-debuginfo-12.15.0-1.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-debugsource-12.15.0-1.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nodejs12-devel-12.15.0-1.6.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"npm12-12.15.0-1.6.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs12");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0104-1.NASL
    descriptionThis update for nodejs10 to version 10.18.0 fixes the following issues : Security issues fixed : CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via
    last seen2020-06-01
    modified2020-06-02
    plugin id132952
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132952
    titleSUSE SLES15 Security Update : nodejs10 (SUSE-SU-2020:0104-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:0104-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132952);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/21");
    
      script_cve_id("CVE-2019-16775", "CVE-2019-16776", "CVE-2019-16777");
    
      script_name(english:"SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2020:0104-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for nodejs10 to version 10.18.0 fixes the following 
    issues :
    
    Security issues fixed :
    
    CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4,
    fixing an arbitrary path overwrite and access via 'bin' field
    (bsc#1159352).
    
    Added support for chacha20-poly1305 for Authenticated encryption
    (AEAD).
    
    Non-security issues fixed :
    
    Fixed wrong path in gypi files (bsc#1159812).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1149792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1159812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16775/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16776/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-16777/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20200104-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c7dd0ce3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Web Scripting 15-SP1 :
    
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP1-2020-104=1
    
    SUSE Linux Enterprise Module for Web Scripting 15 :
    
    zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-2020-104=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16777");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nodejs10-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:npm10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs10-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs10-debuginfo-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs10-debugsource-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"nodejs10-devel-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"npm10-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs10-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs10-debuginfo-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs10-debugsource-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"nodejs10-devel-10.18.0-1.15.1")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"npm10-10.18.0-1.15.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nodejs10");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0043-1.NASL
    descriptionThis update for nodejs8 to version 8.17.0 fixes the following issues : Security issues fixed : CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via
    last seen2020-06-01
    modified2020-06-02
    plugin id132744
    published2020-01-09
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132744
    titleSUSE SLES15 Security Update : nodejs8 (SUSE-SU-2020:0043-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2020-595CE5E3CC.NASL
    descriptionUpdate to 12.14.1 Add new subpackage `nodejs-full-i18n` to provide non-English locale and Unicode support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id133233
    published2020-01-27
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133233
    titleFedora 31 : 1:libuv / 1:nodejs (2020-595ce5e3cc)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-59.NASL
    descriptionThis update for nodejs8 to version 8.17.0 fixes the following issues : Security issues fixed : - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via
    last seen2020-06-01
    modified2020-06-02
    plugin id132920
    published2020-01-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132920
    titleopenSUSE Security Update : nodejs8 (openSUSE-2020-59)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2020-0247-1.NASL
    descriptionThis update for nodejs6 to version 6.17.1 fixes the following issues : Security issues fixed : CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via
    last seen2020-06-01
    modified2020-06-02
    plugin id133348
    published2020-01-30
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133348
    titleSUSE SLES12 Security Update : nodejs6 (SUSE-SU-2020:0247-1)

Redhat

advisories
  • rhsa
    idRHEA-2020:0330
  • rhsa
    idRHSA-2020:0573
  • rhsa
    idRHSA-2020:0579
  • rhsa
    idRHSA-2020:0597
  • rhsa
    idRHSA-2020:0602
rpms
  • nodejs-1:12.14.1-1.module+el8.1.0+5466+30f75629
  • nodejs-debuginfo-1:12.14.1-1.module+el8.1.0+5466+30f75629
  • nodejs-debugsource-1:12.14.1-1.module+el8.1.0+5466+30f75629
  • nodejs-devel-1:12.14.1-1.module+el8.1.0+5466+30f75629
  • nodejs-docs-1:12.14.1-1.module+el8.1.0+5466+30f75629
  • nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45
  • nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45
  • npm-1:6.13.4-1.12.14.1.1.module+el8.1.0+5466+30f75629
  • nodejs-1:10.19.0-1.module+el8.0.0+5738+1362a79c
  • nodejs-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c
  • nodejs-debugsource-1:10.19.0-1.module+el8.0.0+5738+1362a79c
  • nodejs-devel-1:10.19.0-1.module+el8.0.0+5738+1362a79c
  • nodejs-devel-debuginfo-1:10.19.0-1.module+el8.0.0+5738+1362a79c
  • nodejs-docs-1:10.19.0-1.module+el8.0.0+5738+1362a79c
  • nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed
  • nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a
  • npm-1:6.13.4-1.10.19.0.1.module+el8.0.0+5738+1362a79c
  • nodejs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
  • nodejs-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
  • nodejs-debugsource-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
  • nodejs-devel-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
  • nodejs-devel-debuginfo-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
  • nodejs-docs-1:10.19.0-1.module+el8.1.0+5726+6ed65f8c
  • nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed
  • nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a
  • npm-1:6.13.4-1.10.19.0.1.module+el8.1.0+5726+6ed65f8c
  • rh-nodejs10-nodejs-0:10.19.0-1.el7
  • rh-nodejs10-nodejs-debuginfo-0:10.19.0-1.el7
  • rh-nodejs10-nodejs-devel-0:10.19.0-1.el7
  • rh-nodejs10-nodejs-docs-0:10.19.0-1.el7
  • rh-nodejs10-npm-0:6.13.4-10.19.0.1.el7
  • rh-nodejs12-nodejs-0:12.16.1-1.el7
  • rh-nodejs12-nodejs-debuginfo-0:12.16.1-1.el7
  • rh-nodejs12-nodejs-devel-0:12.16.1-1.el7
  • rh-nodejs12-nodejs-docs-0:12.16.1-1.el7
  • rh-nodejs12-npm-0:6.13.4-12.16.1.1.el7