ID CESA-2009:1452 Type centos Reporter CentOS Project Modified 2009-10-30T15:43:55
Description
CentOS Errata and Security Advisory CESA-2009:1452
neon is an HTTP and WebDAV client library, with a C interface. It provides
a high-level interface to HTTP and WebDAV methods along with a low-level
interface for HTTP request handling. neon supports persistent connections,
proxy servers, basic, digest and Kerberos authentication, and has complete
SSL support.
It was discovered that neon is affected by the previously published "null
prefix attack", caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted certificate
signed by a trusted Certificate Authority, the attacker could use the
certificate during a man-in-the-middle attack and potentially confuse an
application using the neon library into accepting it by mistake.
(CVE-2009-2474)
A denial of service flaw was found in the neon Extensible Markup Language
(XML) parser. A remote attacker (malicious DAV server) could provide a
specially-crafted XML document that would cause excessive memory and CPU
consumption if an application using the neon XML parser was tricked into
processing it. (CVE-2009-2473)
All neon users should upgrade to these updated packages, which contain
backported patches to correct these issues. Applications using the neon
HTTP and WebDAV client library, such as cadaver, must be restarted for this
update to take effect.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2009-October/016252.html
http://lists.centos.org/pipermail/centos-announce/2009-October/016253.html
http://lists.centos.org/pipermail/centos-announce/2009-September/016167.html
http://lists.centos.org/pipermail/centos-announce/2009-September/016168.html
Affected packages:
neon
neon-devel
Upstream details at:
https://rhn.redhat.com/errata/RHSA-2009-1452.html
{"href": "http://lists.centos.org/pipermail/centos-announce/2009-September/016167.html", "history": [{"lastseen": "2017-10-03T18:25:11", "differentElements": ["references", "affectedPackage", "description", "published", "href"], "edition": 1, "bulletin": {"cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-September/016167.html", "objectVersion": "1.3", "viewCount": 0, "id": "CESA-2009:1452", "history": [], "modified": "2009-10-30T15:43:55", "edition": 1, "published": "2009-09-22T14:46:23", "description": "**CentOS Errata and Security Advisory** CESA-2009:1452\n\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides\na high-level interface to HTTP and WebDAV methods along with a low-level\ninterface for HTTP request handling. neon supports persistent connections,\nproxy servers, basic, digest and Kerberos authentication, and has complete\nSSL support.\n\nIt was discovered that neon is affected by the previously published \"null\nprefix attack\", caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse an\napplication using the neon library into accepting it by mistake.\n(CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. A remote attacker (malicious DAV server) could provide a\nspecially-crafted XML document that would cause excessive memory and CPU\nconsumption if an application using the neon XML parser was tricked into\nprocessing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the neon\nHTTP and WebDAV client library, such as cadaver, must be restarted for this\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016252.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016253.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016167.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016168.html\n\n**Affected packages:**\nneon\nneon-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2009-1452.html", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "title": "neon security update", "lastseen": "2017-10-03T18:25:11", "affectedPackage": [{"arch": "x86_64", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.x86_64.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "x86_64", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.x86_64.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "x86_64", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.x86_64.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.src.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.src.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.i386.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.i386.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "i386", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "x86_64", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.x86_64.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.i386.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}], "type": "centos", "enchantments": {"score": {"modified": "2017-10-03T18:25:11", "value": 2.6}}, "reporter": "CentOS Project", "hashmap": [{"key": "description", "hash": "d1b0e8bc739e2fb31125e99658f8bb2c"}, {"key": "affectedPackage", "hash": "3837bdb7ea3b078360e1ce17b9e5fb5a"}, {"key": "href", "hash": "c87e9e834573a607bb659db6d1bb210c"}, {"key": "cvelist", "hash": "3fd07612452189326473ed41c7ac7233"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "references", "hash": "c16865428364b112c5b7833530925d68"}, {"key": "modified", "hash": "b2e009d03f795ff24a22fb2858c4cc87"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "title", "hash": "daebf7540f0ca99ad2c73a96de1ddc86"}, {"key": "published", "hash": "5a29862f2f16928d5a033b4a4a3278f5"}], "hash": "ec9b597417b17d7c3bbc00b5ed19aa1807f43ae2fc9047821ee6d2c236947a9a", "references": ["https://rhn.redhat.com/errata/RHSA-2009-1452.html", "http://rhn.redhat.com/errata/RHSA-2009-1452.html"]}}, {"lastseen": "2018-03-09T09:41:54", "differentElements": ["references", "affectedPackage", "description", "published", "href"], "edition": 2, "bulletin": {"cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2009-October/016252.html", "objectVersion": "1.3", "viewCount": 0, "id": "CESA-2009:1452", "history": [], "modified": "2009-10-30T15:43:55", "edition": 2, "published": "2009-10-30T15:43:55", "description": "**CentOS Errata and Security Advisory** CESA-2009:1452\n\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides\na high-level interface to HTTP and WebDAV methods along with a low-level\ninterface for HTTP request handling. neon supports persistent connections,\nproxy servers, basic, digest and Kerberos authentication, and has complete\nSSL support.\n\nIt was discovered that neon is affected by the previously published \"null\nprefix attack\", caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse an\napplication using the neon library into accepting it by mistake.\n(CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. A remote attacker (malicious DAV server) could provide a\nspecially-crafted XML document that would cause excessive memory and CPU\nconsumption if an application using the neon XML parser was tricked into\nprocessing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the neon\nHTTP and WebDAV client library, such as cadaver, must be restarted for this\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016252.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016253.html\n\n**Affected packages:**\nneon\nneon-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1452.html", "bulletinFamily": "unix", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "title": "neon security update", "lastseen": "2018-03-09T09:41:54", "affectedPackage": [{"arch": "x86_64", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.x86_64.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "x86_64", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.x86_64.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}], "type": "centos", "enchantments": {"score": {"modified": "2018-03-09T09:41:54", "value": 2.6}}, "reporter": "CentOS Project", "hashmap": [{"key": "href", "hash": "522e01a411fe9a2768ef8f6b1fba0326"}, {"key": "cvelist", "hash": "3fd07612452189326473ed41c7ac7233"}, {"key": "published", "hash": "b2e009d03f795ff24a22fb2858c4cc87"}, {"key": "affectedPackage", "hash": "6900296188c2120180b51ec30a02d9de"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "modified", "hash": "b2e009d03f795ff24a22fb2858c4cc87"}, {"key": "description", "hash": "9df3c613a5de461e55c79b92a3f73b88"}, {"key": "references", "hash": "d57fe1665983fa5247ab5198722f2f9e"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "title", "hash": "daebf7540f0ca99ad2c73a96de1ddc86"}], "hash": "1323c16dd3a778d5540eda60b49f2598f59f462b46b9b8e121aef07841332b60", "references": ["https://rhn.redhat.com/errata/RHSA-2009-1452.html"]}}], "id": "CESA-2009:1452", "reporter": "CentOS Project", "published": "2009-09-22T14:46:23", "description": "**CentOS Errata and Security Advisory** CESA-2009:1452\n\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides\na high-level interface to HTTP and WebDAV methods along with a low-level\ninterface for HTTP request handling. neon supports persistent connections,\nproxy servers, basic, digest and Kerberos authentication, and has complete\nSSL support.\n\nIt was discovered that neon is affected by the previously published \"null\nprefix attack\", caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse an\napplication using the neon library into accepting it by mistake.\n(CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. A remote attacker (malicious DAV server) could provide a\nspecially-crafted XML document that would cause excessive memory and CPU\nconsumption if an application using the neon XML parser was tricked into\nprocessing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the neon\nHTTP and WebDAV client library, such as cadaver, must be restarted for this\nupdate to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016252.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-October/016253.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016167.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-September/016168.html\n\n**Affected packages:**\nneon\nneon-devel\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2009-1452.html", "title": "neon security update", "affectedPackage": [{"arch": "x86_64", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.x86_64.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "x86_64", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.x86_64.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "x86_64", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.x86_64.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.src.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.src.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.i386.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "i386", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.24.7-4.el4_8.2.i386.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "i386", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.i386.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "x86_64", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.x86_64.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "any", "packageName": "neon", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageVersion": "0.25.5-10.el5_4.1", "OSVersion": "5"}, {"arch": "i386", "packageName": "neon-devel", "operator": "lt", "OS": "CentOS", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.i386.rpm", "packageVersion": "0.24.7-4.el4_8.2", "OSVersion": "4"}], "bulletinFamily": "unix", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "hash": "ec9b597417b17d7c3bbc00b5ed19aa1807f43ae2fc9047821ee6d2c236947a9a", "references": ["https://rhn.redhat.com/errata/RHSA-2009-1452.html", "http://rhn.redhat.com/errata/RHSA-2009-1452.html"], "edition": 3, "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "lastseen": "2018-03-09T11:46:03", "viewCount": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "hashmap": [{"key": "affectedPackage", "hash": "3837bdb7ea3b078360e1ce17b9e5fb5a"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "3fd07612452189326473ed41c7ac7233"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "d1b0e8bc739e2fb31125e99658f8bb2c"}, {"key": "href", "hash": "c87e9e834573a607bb659db6d1bb210c"}, {"key": "modified", "hash": "b2e009d03f795ff24a22fb2858c4cc87"}, {"key": "published", "hash": "5a29862f2f16928d5a033b4a4a3278f5"}, {"key": "references", "hash": "c16865428364b112c5b7833530925d68"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "title", "hash": "daebf7540f0ca99ad2c73a96de1ddc86"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}], "objectVersion": "1.3", "modified": "2009-10-30T15:43:55"}
{"cve": [{"lastseen": "2017-09-19T13:36:33", "references": ["http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "http://www.ubuntu.com/usn/usn-835-1", "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html", "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html", "http://www.securityfocus.com/bid/36079", "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html", "http://support.apple.com/kb/HT4435", "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html", "http://www.vupen.com/english/advisories/2009/2341", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221"], "description": "neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "edition": 2, "reporter": "NVD", "published": "2009-08-21T13:30:00", "title": "CVE-2009-2474", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:33", "vector": "NONE", "value": 6.8}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11721", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11721"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-2474"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:11721", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11721"}], "modified": "2017-09-18T21:29:08", "cpe": ["cpe:/a:webdav:neon:0.17.2", "cpe:/a:webdav:neon:0.7.3", "cpe:/a:webdav:neon:0.25.3", "cpe:/a:webdav:neon:0.23.9", "cpe:/a:webdav:neon:0.19.2", "cpe:/a:webdav:neon:0.26.0", "cpe:/a:webdav:neon:0.11.0", "cpe:/a:webdav:neon:0.19.3", "cpe:/a:webdav:neon:0.15.3", "cpe:/a:webdav:neon:0.26.4", "cpe:/a:webdav:neon:0.24.4", "cpe:/a:webdav:neon:0.25.1", "cpe:/a:webdav:neon:0.21.0", "cpe:/a:webdav:neon:0.24.6", "cpe:/a:webdav:neon:0.13.0", "cpe:/a:webdav:neon:0.8.0", "cpe:/a:webdav:neon:0.28.1", "cpe:/a:webdav:neon:0.28.2", "cpe:/a:webdav:neon:0.7.7", "cpe:/a:webdav:neon:0.28.4", "cpe:/a:webdav:neon:0.16.1", "cpe:/a:webdav:neon:0.26.2", "cpe:/a:webdav:neon:0.1.1", "cpe:/a:webdav:neon:0.24.5", "cpe:/a:webdav:neon:0.24.1", "cpe:/a:webdav:neon:0.18.2", "cpe:/a:webdav:neon:0.18.0", "cpe:/a:webdav:neon:0.15.0", "cpe:/a:webdav:neon:0.17.0", "cpe:/a:webdav:neon:0.7.4", "cpe:/a:webdav:neon:0.16.0", "cpe:/a:webdav:neon:0.2.1", "cpe:/a:webdav:neon:0.17.1", "cpe:/a:webdav:neon:0.3.0", "cpe:/a:webdav:neon:0.22.0", "cpe:/a:webdav:neon:0.28.3", "cpe:/a:webdav:neon:0.23.7", "cpe:/a:webdav:neon:0.21.3", "cpe:/a:webdav:neon:0.9.1", "cpe:/a:webdav:neon:0.7.1", "cpe:/a:webdav:neon:0.3.1", "cpe:/a:webdav:neon:0.4.1", "cpe:/a:webdav:neon:0.23.1", "cpe:/a:webdav:neon:0.2.0", "cpe:/a:webdav:neon:0.25.2", "cpe:/a:webdav:neon:0.23.3", "cpe:/a:webdav:neon:0.24.0", "cpe:/a:webdav:neon:0.21.1", "cpe:/a:webdav:neon:0.24.2", "cpe:/a:webdav:neon:0.14.0", "cpe:/a:webdav:neon:0.18.5", "cpe:/a:webdav:neon:0.18.3", "cpe:/a:webdav:neon:0.1.0", "cpe:/a:webdav:neon:0.24.7", "cpe:/a:webdav:neon:0.18.4", "cpe:/a:webdav:neon:0.8.1", "cpe:/a:webdav:neon:0.7.6", "cpe:/a:webdav:neon:0.9.0", "cpe:/a:webdav:neon:0.19.1", "cpe:/a:webdav:neon:0.4.2", "cpe:/a:webdav:neon:0.28.5", "cpe:/a:webvdav:neon:0.15.1", "cpe:/a:webdav:neon:0.23.5", "cpe:/a:webdav:neon:0.23.2", "cpe:/a:webdav:neon:0.24.3", "cpe:/a:webdav:neon:0.15.2", "cpe:/a:webdav:neon:0.23.0", "cpe:/a:webdav:neon:0.18.1", "cpe:/a:webdav:neon:0.5.1", "cpe:/a:webdav:neon:0.5.0", "cpe:/a:webdav:neon:0.6.0", "cpe:/a:webdav:neon:0.19.4", "cpe:/a:webdav:neon:0.12.0", "cpe:/a:webdav:neon:0.27.1", "cpe:/a:webdav:neon:0.7.2", "cpe:/a:webdav:neon:0.27.0", "cpe:/a:webdav:neon:0.27.2", "cpe:/a:webdav:neon:0.23.6", "cpe:/a:webdav:neon:0.7.5", "cpe:/a:webdav:neon:0.28.0", "cpe:/a:webdav:neon:0.25.0", "cpe:/a:webdav:neon:0.21.2", "cpe:/a:webdav:neon:0.10.0", "cpe:/a:webdav:neon:0.25.4", "cpe:/a:webdav:neon:0.23.8", "cpe:/a:webdav:neon:0.26.1", "cpe:/a:webdav:neon:0.26.3", "cpe:/a:webdav:neon:0.19.0", "cpe:/a:webdav:neon:0.20.0", "cpe:/a:webdav:neon:0.7.0", "cpe:/a:webdav:neon:0.23.4"], "id": "CVE-2009-2474", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2474", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-19T13:36:33", "references": ["http://lists.manyfish.co.uk/pipermail/neon/2009-August/001045.html", "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "http://rhn.redhat.com/errata/RHSA-2013-0131.html", "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html", "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html", "http://support.apple.com/kb/HT4435", "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html", "http://www.vupen.com/english/advisories/2009/2341", "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html", "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221", "https://exchange.xforce.ibmcloud.com/vulnerabilities/52633"], "description": "neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.", "edition": 3, "reporter": "NVD", "published": "2009-08-21T13:30:00", "title": "CVE-2009-2473", "type": "cve", "enchantments": {"score": {"modified": "2017-09-19T13:36:33", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9461", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9461"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-2473"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:9461", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9461"}], "modified": "2017-09-18T21:29:08", "cpe": ["cpe:/a:webdav:neon:0.28.6"], "id": "CVE-2009-2473", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2473", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-02T00:04:59", "references": ["2009:1452", "http://lists.centos.org/pipermail/centos-announce/2009-September/016167.html"], "pluginID": "1361412562310880913", "description": "Check for the Version of neon", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "title": "CentOS Update for neon CESA-2009:1452 centos4 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880913", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for neon CESA-2009:1452 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"neon is an HTTP and WebDAV client library, with a C interface. It provides\n a high-level interface to HTTP and WebDAV methods along with a low-level\n interface for HTTP request handling. neon supports persistent connections,\n proxy servers, basic, digest and Kerberos authentication, and has complete\n SSL support.\n\n It was discovered that neon is affected by the previously published "null\n prefix attack", caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted certificate\n signed by a trusted Certificate Authority, the attacker could use the\n certificate during a man-in-the-middle attack and potentially confuse an\n application using the neon library into accepting it by mistake.\n (CVE-2009-2474)\n \n A denial of service flaw was found in the neon Extensible Markup Language\n (XML) parser. A remote attacker (malicious DAV server) could provide a\n specially-crafted XML document that would cause excessive memory and CPU\n consumption if an application using the neon XML parser was tricked into\n processing it. (CVE-2009-2473)\n \n All neon users should upgrade to these updated packages, which contain\n backported patches to correct these issues. Applications using the neon\n HTTP and WebDAV client library, such as cadaver, must be restarted for this\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"neon on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016167.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880913\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1452\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_name(\"CentOS Update for neon CESA-2009:1452 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of neon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.24.7~4.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.24.7~4.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:04:18", "references": ["http://lists.centos.org/pipermail/centos-announce/2009-October/016252.html", "2009:1452"], "pluginID": "1361412562310880713", "description": "Check for the Version of neon", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "title": "CentOS Update for neon CESA-2009:1452 centos5 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310880713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for neon CESA-2009:1452 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"neon is an HTTP and WebDAV client library, with a C interface. It provides\n a high-level interface to HTTP and WebDAV methods along with a low-level\n interface for HTTP request handling. neon supports persistent connections,\n proxy servers, basic, digest and Kerberos authentication, and has complete\n SSL support.\n\n It was discovered that neon is affected by the previously published "null\n prefix attack", caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted certificate\n signed by a trusted Certificate Authority, the attacker could use the\n certificate during a man-in-the-middle attack and potentially confuse an\n application using the neon library into accepting it by mistake.\n (CVE-2009-2474)\n \n A denial of service flaw was found in the neon Extensible Markup Language\n (XML) parser. A remote attacker (malicious DAV server) could provide a\n specially-crafted XML document that would cause excessive memory and CPU\n consumption if an application using the neon XML parser was tricked into\n processing it. (CVE-2009-2473)\n \n All neon users should upgrade to these updated packages, which contain\n backported patches to correct these issues. Applications using the neon\n HTTP and WebDAV client library, such as cadaver, must be restarted for this\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"neon on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016252.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880713\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1452\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_name(\"CentOS Update for neon CESA-2009:1452 centos5 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of neon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.25.5~10.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.25.5~10.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:06", "references": ["http://www.redhat.com/security/updates/classification/#moderate", "http://rhn.redhat.com/errata/RHSA-2009-1452.html"], "pluginID": "136141256231064941", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1452.\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides\na high-level interface to HTTP and WebDAV methods along with a low-level\ninterface for HTTP request handling. neon supports persistent connections,\nproxy servers, basic, digest and Kerberos authentication, and has complete\nSSL support.\n\nIt was discovered that neon is affected by the previously published null\nprefix attack, caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse an\napplication using the neon library into accepting it by mistake.\n(CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. A remote attacker (malicious DAV server) could provide a\nspecially-crafted XML document that would cause excessive memory and CPU\nconsumption if an application using the neon XML parser was tricked into\nprocessing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the neon\nHTTP and WebDAV client library, such as cadaver, must be restarted for this\nupdate to take effect.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-28T00:00:00", "title": "RedHat Security Advisory RHSA-2009:1452", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064941", "id": "OPENVAS:136141256231064941", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1452.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1452 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1452.\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides\na high-level interface to HTTP and WebDAV methods along with a low-level\ninterface for HTTP request handling. neon supports persistent connections,\nproxy servers, basic, digest and Kerberos authentication, and has complete\nSSL support.\n\nIt was discovered that neon is affected by the previously published null\nprefix attack, caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse an\napplication using the neon library into accepting it by mistake.\n(CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. A remote attacker (malicious DAV server) could provide a\nspecially-crafted XML document that would cause excessive memory and CPU\nconsumption if an application using the neon XML parser was tricked into\nprocessing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the neon\nHTTP and WebDAV client library, such as cadaver, must be restarted for this\nupdate to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64941\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1452\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1452.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.24.7~4.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-debuginfo\", rpm:\"neon-debuginfo~0.24.7~4.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.24.7~4.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.25.5~10.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-debuginfo\", rpm:\"neon-debuginfo~0.25.5~10.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.25.5~10.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:05", "references": [], "pluginID": "136141256231064986", "description": "The remote host is missing updates to neon announced in\nadvisory CESA-2009:1452.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-28T00:00:00", "type": "openvas", "title": "CentOS Security Advisory CESA-2009:1452 (neon)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064986", "id": "OPENVAS:136141256231064986", "sourceData": "#CESA-2009:1452 64986 4\n# $Id: ovcesa2009_1452.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory CESA-2009:1452 (neon)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"For details on the issues addressed in this update,\nplease visit the referenced security advisories.\";\ntag_solution = \"Update the appropriate packages on your system.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=CESA-2009:1452\nhttp://www.securityspace.com/smysecure/catid.html?in=RHSA-2009:1452\nhttps://rhn.redhat.com/errata/RHSA-2009-1452.html\";\ntag_summary = \"The remote host is missing updates to neon announced in\nadvisory CESA-2009:1452.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64986\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"CentOS Security Advisory CESA-2009:1452 (neon)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.24.7~4.el4_8.2\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.24.7~4.el4_8.2\", rls:\"CentOS4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.25.5~10.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.25.5~10.el5_4.1\", rls:\"CentOS5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-24T18:21:40", "references": ["http://xforce.iss.net/xforce/xfdb/52633", "http://secunia.com/advisories/36371", "http://www.vupen.com/english/advisories/2009/2341"], "pluginID": "1361412562310900828", "description": "This host has Neon installed and is prone to Certificate Spoofing\n and Denial of Service vulnerability.", "edition": 4, "reporter": "Copyright (C) 2009 SecPod", "published": "2009-08-27T00:00:00", "title": "Neon Certificate Spoofing and Denial of Service Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2018-09-22T00:00:00", "id": "OPENVAS:1361412562310900828", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_neon_cert_spoofing_n_dos_vuln.nasl 11554 2018-09-22 15:11:42Z cfischer $\n#\n# Neon Certificate Spoofing And Denial of Service Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900828\");\n script_version(\"$Revision: 11554 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 17:11:42 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-27 13:43:20 +0200 (Thu, 27 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_bugtraq_id(36080, 36079);\n script_name(\"Neon Certificate Spoofing and Denial of Service Vulnerability\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36371\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/52633\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/2341\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_neon_detect.nasl\");\n script_mandatory_keys(\"WebDAV/Neon/Ver\");\n script_tag(name:\"impact\", value:\"Attacker may leverage this issue to conduct man-in-the-middle attacks to\n spoof arbitrary SSL servers, and can deny the service by memory or CPU\n consumption on the affected application.\");\n script_tag(name:\"affected\", value:\"WebDAV, Neon version prior to 0.28.6 on Linux.\");\n script_tag(name:\"insight\", value:\"- When OpenSSL is used, neon does not properly handle a '&qt?&qt' character\n in a domain name in the 'subject&qts' Common Name (CN) field of an X.509\n certificate via a crafted certificate issued by a legitimate Certification\n Authority.\n\n - When expat is used, neon does not properly detect recursion during entity\n expansion via a crafted XML document containing a large number of nested\n entity references.\");\n script_tag(name:\"solution\", value:\"Upgrade to version 0.28.6 or latest\n http://www.webdav.org/neon/\");\n script_tag(name:\"summary\", value:\"This host has Neon installed and is prone to Certificate Spoofing\n and Denial of Service vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nneonVer = get_kb_item(\"WebDAV/Neon/Ver\");\nif(!neonVer){\n exit(0);\n}\n\nif(version_is_less(version:neonVer, test_version:\"0.28.6\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-28T18:24:00", "references": ["http://linux.oracle.com/errata/ELSA-2009-1452.html"], "pluginID": "1361412562310122437", "description": "Oracle Linux Local Security Checks ELSA-2009-1452", "edition": 6, "reporter": "Eero Volotinen", "published": "2015-10-08T00:00:00", "title": "Oracle Linux Local Check: ELSA-2009-1452", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310122437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122437", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2009-1452.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122437\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:45:20 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2009-1452\");\n script_tag(name:\"insight\", value:\"ELSA-2009-1452 - neon security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2009-1452\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2009-1452.html\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.25.5~10.el5_4.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.25.5~10.el5_4.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:58", "references": ["http://xforce.iss.net/xforce/xfdb/52633", "http://secunia.com/advisories/36371", "http://www.vupen.com/english/advisories/2009/2341"], "pluginID": "900828", "description": "This host has Neon installed and is prone to Certificate Spoofing\n and Denial of Service vulnerability.", "edition": 1, "reporter": "Copyright (C) 2009 SecPod", "published": "2009-08-27T00:00:00", "title": "Neon Certificate Spoofing and Denial of Service Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Denial of Service", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2017-01-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=900828", "id": "OPENVAS:900828", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_neon_cert_spoofing_n_dos_vuln.nasl 5122 2017-01-27 12:16:00Z teissa $\n#\n# Neon Certificate Spoofing And Denial of Service Vulnerability\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Attacker may leverage this issue to conduct man-in-the-middle attacks to\n spoof arbitrary SSL servers, and can deny the service by memory or CPU\n consumption on the affected application.\n Impact Level: System/Application\";\ntag_affected = \"WebDAV, Neon version prior to 0.28.6 on Linux.\";\ntag_insight = \"- When OpenSSL is used, neon does not properly handle a '&qt?&qt' character\n in a domain name in the 'subject&qts' Common Name (CN) field of an X.509\n certificate via a crafted certificate issued by a legitimate Certification\n Authority.\n - When expat is used, neon does not properly detect recursion during entity\n expansion via a crafted XML document containing a large number of nested\n entity references.\";\ntag_solution = \"Upgrade to version 0.28.6 or latest\n http://www.webdav.org/neon/\";\ntag_summary = \"This host has Neon installed and is prone to Certificate Spoofing\n and Denial of Service vulnerability.\";\n\nif(description)\n{\n script_id(900828);\n script_version(\"$Revision: 5122 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-27 13:16:00 +0100 (Fri, 27 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-08-27 13:43:20 +0200 (Thu, 27 Aug 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_bugtraq_id(36080, 36079);\n script_name(\"Neon Certificate Spoofing and Denial of Service Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36371\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/52633\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/2341\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_neon_detect.nasl\");\n script_require_keys(\"WebDAV/Neon/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nneonVer = get_kb_item(\"WebDAV/Neon/Ver\");\nif(!neonVer){\n exit(0);\n}\n\n# Check for Neon version < 0.28.6\nif(version_is_less(version:neonVer, test_version:\"0.28.6\")){\n security_message(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-27T10:56:38", "references": ["http://www.redhat.com/security/updates/classification/#moderate", "http://rhn.redhat.com/errata/RHSA-2009-1452.html"], "pluginID": "64941", "description": "The remote host is missing updates announced in\nadvisory RHSA-2009:1452.\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides\na high-level interface to HTTP and WebDAV methods along with a low-level\ninterface for HTTP request handling. neon supports persistent connections,\nproxy servers, basic, digest and Kerberos authentication, and has complete\nSSL support.\n\nIt was discovered that neon is affected by the previously published null\nprefix attack, caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse an\napplication using the neon library into accepting it by mistake.\n(CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. A remote attacker (malicious DAV server) could provide a\nspecially-crafted XML document that would cause excessive memory and CPU\nconsumption if an application using the neon XML parser was tricked into\nprocessing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the neon\nHTTP and WebDAV client library, such as cadaver, must be restarted for this\nupdate to take effect.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-09-28T00:00:00", "title": "RedHat Security Advisory RHSA-2009:1452", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2017-07-12T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64941", "id": "OPENVAS:64941", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: RHSA_2009_1452.nasl 6683 2017-07-12 09:41:57Z cfischer $\n# Description: Auto-generated from advisory RHSA-2009:1452 ()\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory RHSA-2009:1452.\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides\na high-level interface to HTTP and WebDAV methods along with a low-level\ninterface for HTTP request handling. neon supports persistent connections,\nproxy servers, basic, digest and Kerberos authentication, and has complete\nSSL support.\n\nIt was discovered that neon is affected by the previously published null\nprefix attack, caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse an\napplication using the neon library into accepting it by mistake.\n(CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. A remote attacker (malicious DAV server) could provide a\nspecially-crafted XML document that would cause excessive memory and CPU\nconsumption if an application using the neon XML parser was tricked into\nprocessing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the neon\nHTTP and WebDAV client library, such as cadaver, must be restarted for this\nupdate to take effect.\";\n\ntag_solution = \"Please note that this update is available via\nRed Hat Network. To use Red Hat Network, launch the Red\nHat Update Agent with the following command: up2date\";\n\n\n\nif(description)\n{\n script_id(64941);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Security Advisory RHSA-2009:1452\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"http://rhn.redhat.com/errata/RHSA-2009-1452.html\");\n script_xref(name : \"URL\" , value : \"http://www.redhat.com/security/updates/classification/#moderate\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.24.7~4.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-debuginfo\", rpm:\"neon-debuginfo~0.24.7~4.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.24.7~4.el4_8.2\", rls:\"RHENT_4\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.25.5~10.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-debuginfo\", rpm:\"neon-debuginfo~0.25.5~10.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.25.5~10.el5_4.1\", rls:\"RHENT_5\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:39", "references": ["2009:1452", "http://lists.centos.org/pipermail/centos-announce/2009-September/016167.html"], "pluginID": "880913", "description": "Check for the Version of neon", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CentOS Update for neon CESA-2009:1452 centos4 i386", "type": "openvas", "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880913", "id": "OPENVAS:880913", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for neon CESA-2009:1452 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"neon is an HTTP and WebDAV client library, with a C interface. It provides\n a high-level interface to HTTP and WebDAV methods along with a low-level\n interface for HTTP request handling. neon supports persistent connections,\n proxy servers, basic, digest and Kerberos authentication, and has complete\n SSL support.\n\n It was discovered that neon is affected by the previously published "null\n prefix attack", caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted certificate\n signed by a trusted Certificate Authority, the attacker could use the\n certificate during a man-in-the-middle attack and potentially confuse an\n application using the neon library into accepting it by mistake.\n (CVE-2009-2474)\n \n A denial of service flaw was found in the neon Extensible Markup Language\n (XML) parser. A remote attacker (malicious DAV server) could provide a\n specially-crafted XML document that would cause excessive memory and CPU\n consumption if an application using the neon XML parser was tricked into\n processing it. (CVE-2009-2473)\n \n All neon users should upgrade to these updated packages, which contain\n backported patches to correct these issues. Applications using the neon\n HTTP and WebDAV client library, such as cadaver, must be restarted for this\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"neon on CentOS 4\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-September/016167.html\");\n script_id(880913);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1452\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_name(\"CentOS Update for neon CESA-2009:1452 centos4 i386\");\n\n script_summary(\"Check for the Version of neon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.24.7~4.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.24.7~4.el4_8.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:38", "references": ["http://lists.centos.org/pipermail/centos-announce/2009-October/016252.html", "2009:1452"], "pluginID": "880713", "description": "Check for the Version of neon", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-09T00:00:00", "title": "CentOS Update for neon CESA-2009:1452 centos5 i386", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880713", "id": "OPENVAS:880713", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for neon CESA-2009:1452 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"neon is an HTTP and WebDAV client library, with a C interface. It provides\n a high-level interface to HTTP and WebDAV methods along with a low-level\n interface for HTTP request handling. neon supports persistent connections,\n proxy servers, basic, digest and Kerberos authentication, and has complete\n SSL support.\n\n It was discovered that neon is affected by the previously published "null\n prefix attack", caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted certificate\n signed by a trusted Certificate Authority, the attacker could use the\n certificate during a man-in-the-middle attack and potentially confuse an\n application using the neon library into accepting it by mistake.\n (CVE-2009-2474)\n \n A denial of service flaw was found in the neon Extensible Markup Language\n (XML) parser. A remote attacker (malicious DAV server) could provide a\n specially-crafted XML document that would cause excessive memory and CPU\n consumption if an application using the neon XML parser was tricked into\n processing it. (CVE-2009-2473)\n \n All neon users should upgrade to these updated packages, which contain\n backported patches to correct these issues. Applications using the neon\n HTTP and WebDAV client library, such as cadaver, must be restarted for this\n update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"neon on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2009-October/016252.html\");\n script_id(880713);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2009:1452\");\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_name(\"CentOS Update for neon CESA-2009:1452 centos5 i386\");\n\n script_summary(\"Check for the Version of neon\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"neon\", rpm:\"neon~0.25.5~10.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"neon-devel\", rpm:\"neon-devel~0.25.5~10.el5_4.1\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:55:37", "references": ["http://www.nessus.org/u?010cc397"], "pluginID": "40683", "description": "This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the 'billion laughs' attack against expat could allow a Denial of Service attack by a malicious server.\n(CVE-2009-2473) * an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2009-08-24T00:00:00", "title": "Fedora 11 : neon-0.28.6-1.fc11 (2009-8815)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:neon", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-8815.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40683", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8815.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40683);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:56 $\");\n\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_bugtraq_id(36079);\n script_xref(name:\"FEDORA\", value:\"2009-8815\");\n\n script_name(english:\"Fedora 11 : neon-0.28.6-1.fc11 (2009-8815)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest release of neon, version 0.28.6. This\nfixes two security issues: * the 'billion laughs' attack against expat\ncould allow a Denial of Service attack by a malicious server.\n(CVE-2009-2473) * an embedded NUL byte in a certificate subject name\ncould allow an undetected MITM attack against an SSL server if a\ntrusted CA issues such a cert.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028215.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?010cc397\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected neon package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:neon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"neon-0.28.6-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"neon\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:40", "references": [], "pluginID": "40764", "description": "Multiple vulnerabilities has been found and corrected in libneon0.27 :\n\nneon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564 (CVE-2009-2473).\n\nneon before 0.28.6, when OpenSSL is used, does not properly handle a '�' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2474).\n\nThis update provides a solution to these vulnerabilities.", "edition": 6, "reporter": "Tenable", "published": "2009-08-25T00:00:00", "title": "Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:221)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64neon0.27-static-devel", "cpe:/o:mandriva:linux:2009.0", "cpe:/o:mandriva:linux:2008.1", "p-cpe:/a:mandriva:linux:libneon0.27-devel", "p-cpe:/a:mandriva:linux:lib64neon0.27-devel", "cpe:/o:mandriva:linux:2009.1", "p-cpe:/a:mandriva:linux:lib64neon0.27", "p-cpe:/a:mandriva:linux:libneon0.27", "p-cpe:/a:mandriva:linux:libneon0.27-static-devel"], "id": "MANDRIVA_MDVSA-2009-221.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40764", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:221. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40764);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:16\");\n\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_bugtraq_id(36079, 36080);\n script_xref(name:\"MDVSA\", value:\"2009:221\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been found and corrected in libneon0.27 :\n\nneon before 0.28.6, when expat is used, does not properly detect\nrecursion during entity expansion, which allows context-dependent\nattackers to cause a denial of service (memory and CPU consumption)\nvia a crafted XML document containing a large number of nested entity\nreferences, a similar issue to CVE-2003-1564 (CVE-2009-2473).\n\nneon before 0.28.6, when OpenSSL is used, does not properly handle a\n'�' (NUL) character in a domain name in the subject's Common Name\n(CN) field of an X.509 certificate, which allows man-in-the-middle\nattackers to spoof arbitrary SSL servers via a crafted certificate\nissued by a legitimate Certification Authority, a related issue to\nCVE-2009-2408 (CVE-2009-2474).\n\nThis update provides a solution to these vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.27-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.27-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.27-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.27-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64neon0.27-0.28.3-0.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64neon0.27-devel-0.28.3-0.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"x86_64\", reference:\"lib64neon0.27-static-devel-0.28.3-0.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libneon0.27-0.28.3-0.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libneon0.27-devel-0.28.3-0.2mdv2008.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.1\", cpu:\"i386\", reference:\"libneon0.27-static-devel-0.28.3-0.2mdv2008.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64neon0.27-0.28.3-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64neon0.27-devel-0.28.3-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"x86_64\", reference:\"lib64neon0.27-static-devel-0.28.3-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libneon0.27-0.28.3-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libneon0.27-devel-0.28.3-1.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", cpu:\"i386\", reference:\"libneon0.27-static-devel-0.28.3-1.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64neon0.27-0.28.3-2.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64neon0.27-devel-0.28.3-2.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"x86_64\", reference:\"lib64neon0.27-static-devel-0.28.3-2.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libneon0.27-0.28.3-2.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libneon0.27-devel-0.28.3-2.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", cpu:\"i386\", reference:\"libneon0.27-static-devel-0.28.3-2.1mdv2009.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:00:37", "references": ["http://www.nessus.org/u?881b947f"], "pluginID": "60667", "description": "CVE-2009-2473 neon, gnome-vfs2 embedded neon: billion laughs DoS attack\n\nCVE-2009-2474 neon: Improper verification of x509v3 certificate with NULL (zero) byte in certain fields\n\nIt was discovered that neon is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse an application using the neon library into accepting it by mistake. (CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language (XML) parser. A remote attacker (malicious DAV server) could provide a specially crafted XML document that would cause excessive memory and CPU consumption if an application using the neon XML parser was tricked into processing it. (CVE-2009-2473)\n\nApplications using the neon HTTP and WebDAV client library, such as cadaver, must be restarted for this update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : neon on SL4.x, SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2016-12-14T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20090921_NEON_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60667", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60667);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2016/12/14 20:33:26 $\");\n\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n\n script_name(english:\"Scientific Linux Security Update : neon on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2009-2473 neon, gnome-vfs2 embedded neon: billion laughs DoS\nattack\n\nCVE-2009-2474 neon: Improper verification of x509v3 certificate with\nNULL (zero) byte in certain fields\n\nIt was discovered that neon is affected by the previously published\n'null prefix attack', caused by incorrect handling of NULL characters\nin X.509 certificates. If an attacker is able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse an application using\nthe neon library into accepting it by mistake. (CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup\nLanguage (XML) parser. A remote attacker (malicious DAV server) could\nprovide a specially crafted XML document that would cause excessive\nmemory and CPU consumption if an application using the neon XML parser\nwas tricked into processing it. (CVE-2009-2473)\n\nApplications using the neon HTTP and WebDAV client library, such as\ncadaver, must be restarted for this update to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind0909&L=scientific-linux-errata&T=0&P=1927\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?881b947f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected neon and / or neon-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"neon-0.24.7-4.el4_8.2\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"neon-devel-0.24.7-4.el4_8.2\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"neon-0.25.5-10.el5_4.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"neon-devel-0.25.5-10.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-11T12:47:27", "references": ["http://www.nessus.org/u?e702acf7", "http://www.nessus.org/u?f3f68d62", "http://www.nessus.org/u?7ad30890", "http://www.nessus.org/u?d4a24693"], "pluginID": "43792", "description": "Updated neon packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support.\n\nIt was discovered that neon is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse an application using the neon library into accepting it by mistake. (CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language (XML) parser. A remote attacker (malicious DAV server) could provide a specially crafted XML document that would cause excessive memory and CPU consumption if an application using the neon XML parser was tricked into processing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the neon HTTP and WebDAV client library, such as cadaver, must be restarted for this update to take effect.", "edition": 7, "reporter": "Tenable", "published": "2010-01-06T00:00:00", "title": "CentOS 4 / 5 : neon (CESA-2009:1452)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:neon-devel", "cpe:/o:centos:centos:5", "p-cpe:/a:centos:centos:neon"], "id": "CENTOS_RHSA-2009-1452.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43792", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1452 and \n# CentOS Errata and Security Advisory 2009:1452 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43792);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_bugtraq_id(36079, 36080);\n script_xref(name:\"RHSA\", value:\"2009:1452\");\n\n script_name(english:\"CentOS 4 / 5 : neon (CESA-2009:1452)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated neon packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nneon is an HTTP and WebDAV client library, with a C interface. It\nprovides a high-level interface to HTTP and WebDAV methods along with\na low-level interface for HTTP request handling. neon supports\npersistent connections, proxy servers, basic, digest and Kerberos\nauthentication, and has complete SSL support.\n\nIt was discovered that neon is affected by the previously published\n'null prefix attack', caused by incorrect handling of NULL characters\nin X.509 certificates. If an attacker is able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse an application using\nthe neon library into accepting it by mistake. (CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup\nLanguage (XML) parser. A remote attacker (malicious DAV server) could\nprovide a specially crafted XML document that would cause excessive\nmemory and CPU consumption if an application using the neon XML parser\nwas tricked into processing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the\nneon HTTP and WebDAV client library, such as cadaver, must be\nrestarted for this update to take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016252.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ad30890\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-October/016253.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3f68d62\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016167.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e702acf7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2009-September/016168.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d4a24693\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected neon packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:neon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:neon-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"neon-0.24.7-4.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"neon-0.24.7-4.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"neon-devel-0.24.7-4.el4_8.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"neon-devel-0.24.7-4.el4_8.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"neon-0.25.5-10.el5_4.1\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"neon-devel-0.25.5-10.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-13T16:58:20", "references": ["https://www.redhat.com/security/data/cve/CVE-2009-2473.html", "https://www.redhat.com/security/data/cve/CVE-2009-2474.html", "https://access.redhat.com/errata/RHSA-2009:1452"], "pluginID": "41031", "description": "Updated neon packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support.\n\nIt was discovered that neon is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse an application using the neon library into accepting it by mistake. (CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language (XML) parser. A remote attacker (malicious DAV server) could provide a specially crafted XML document that would cause excessive memory and CPU consumption if an application using the neon XML parser was tricked into processing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the neon HTTP and WebDAV client library, such as cadaver, must be restarted for this update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2009-09-22T00:00:00", "title": "RHEL 4 / 5 : neon (RHSA-2009:1452)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:neon-devel", "p-cpe:/a:redhat:enterprise_linux:neon", "cpe:/o:redhat:enterprise_linux:4.8", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2009-1452.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41031", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1452. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41031);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/10 11:49:50\");\n\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_bugtraq_id(36079, 36080);\n script_xref(name:\"RHSA\", value:\"2009:1452\");\n\n script_name(english:\"RHEL 4 / 5 : neon (RHSA-2009:1452)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated neon packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nneon is an HTTP and WebDAV client library, with a C interface. It\nprovides a high-level interface to HTTP and WebDAV methods along with\na low-level interface for HTTP request handling. neon supports\npersistent connections, proxy servers, basic, digest and Kerberos\nauthentication, and has complete SSL support.\n\nIt was discovered that neon is affected by the previously published\n'null prefix attack', caused by incorrect handling of NULL characters\nin X.509 certificates. If an attacker is able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse an application using\nthe neon library into accepting it by mistake. (CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup\nLanguage (XML) parser. A remote attacker (malicious DAV server) could\nprovide a specially crafted XML document that would cause excessive\nmemory and CPU consumption if an application using the neon XML parser\nwas tricked into processing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the\nneon HTTP and WebDAV client library, such as cadaver, must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-2473.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-2474.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1452\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected neon and / or neon-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:neon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:neon-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1452\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"neon-0.24.7-4.el4_8.2\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"neon-devel-0.24.7-4.el4_8.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"neon-0.25.5-10.el5_4.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"neon-devel-0.25.5-10.el5_4.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"neon / neon-devel\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:58:09", "references": ["https://oss.oracle.com/pipermail/el-errata/2009-September/001157.html", "https://oss.oracle.com/pipermail/el-errata/2009-September/001158.html"], "pluginID": "67927", "description": "From Red Hat Security Advisory 2009:1452 :\n\nUpdated neon packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nneon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections, proxy servers, basic, digest and Kerberos authentication, and has complete SSL support.\n\nIt was discovered that neon is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a trusted Certificate Authority, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse an application using the neon library into accepting it by mistake. (CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language (XML) parser. A remote attacker (malicious DAV server) could provide a specially crafted XML document that would cause excessive memory and CPU consumption if an application using the neon XML parser was tricked into processing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain backported patches to correct these issues. Applications using the neon HTTP and WebDAV client library, such as cadaver, must be restarted for this update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : neon (ELSA-2009-1452)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2016-12-07T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:neon", "p-cpe:/a:oracle:linux:neon-devel", "cpe:/o:oracle:linux:5", "cpe:/o:oracle:linux:4"], "id": "ORACLELINUX_ELSA-2009-1452.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67927", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1452 and \n# Oracle Linux Security Advisory ELSA-2009-1452 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67927);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/12/07 20:57:51 $\");\n\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_bugtraq_id(36079, 36080);\n script_xref(name:\"RHSA\", value:\"2009:1452\");\n\n script_name(english:\"Oracle Linux 4 / 5 : neon (ELSA-2009-1452)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1452 :\n\nUpdated neon packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nneon is an HTTP and WebDAV client library, with a C interface. It\nprovides a high-level interface to HTTP and WebDAV methods along with\na low-level interface for HTTP request handling. neon supports\npersistent connections, proxy servers, basic, digest and Kerberos\nauthentication, and has complete SSL support.\n\nIt was discovered that neon is affected by the previously published\n'null prefix attack', caused by incorrect handling of NULL characters\nin X.509 certificates. If an attacker is able to get a\ncarefully-crafted certificate signed by a trusted Certificate\nAuthority, the attacker could use the certificate during a\nman-in-the-middle attack and potentially confuse an application using\nthe neon library into accepting it by mistake. (CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup\nLanguage (XML) parser. A remote attacker (malicious DAV server) could\nprovide a specially crafted XML document that would cause excessive\nmemory and CPU consumption if an application using the neon XML parser\nwas tricked into processing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the\nneon HTTP and WebDAV client library, such as cadaver, must be\nrestarted for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-September/001157.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-September/001158.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected neon packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:neon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:neon-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"neon-0.24.7-4.el4_8.2\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"neon-devel-0.24.7-4.el4_8.2\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"neon-0.25.5-10.el5_4.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"neon-devel-0.25.5-10.el5_4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"neon / neon-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:46:48", "references": ["http://www.nessus.org/u?a0760b27", "https://bugzilla.redhat.com/show_bug.cgi?id=502451"], "pluginID": "40677", "description": "This update includes the latest release of neon, version 0.28.6. This fixes two security issues: * the 'billion laughs' attack against expat could allow a Denial of Service attack by a malicious server.\n(CVE-2009-2473) * an embedded NUL byte in a certificate subject name could allow an undetected MITM attack against an SSL server if a trusted CA issues such a cert. Several bug fixes are also included, notably: * X.509v1 CA certificates are trusted by default * Fix handling of some PKCS#12 certificates\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2009-08-24T00:00:00", "title": "Fedora 10 : neon-0.28.6-1.fc10 (2009-8794)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2016-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:neon"], "id": "FEDORA_2009-8794.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8794.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40677);\n script_version (\"$Revision: 1.16 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:56 $\");\n\n script_cve_id(\"CVE-2009-2473\", \"CVE-2009-2474\");\n script_bugtraq_id(36079);\n script_xref(name:\"FEDORA\", value:\"2009-8794\");\n\n script_name(english:\"Fedora 10 : neon-0.28.6-1.fc10 (2009-8794)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes the latest release of neon, version 0.28.6. This\nfixes two security issues: * the 'billion laughs' attack against expat\ncould allow a Denial of Service attack by a malicious server.\n(CVE-2009-2473) * an embedded NUL byte in a certificate subject name\ncould allow an undetected MITM attack against an SSL server if a\ntrusted CA issues such a cert. Several bug fixes are also included,\nnotably: * X.509v1 CA certificates are trusted by default * Fix\nhandling of some PKCS#12 certificates\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=502451\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028194.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0760b27\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected neon package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:neon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"neon-0.28.6-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"neon\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:42:21", "references": [], "pluginID": "43018", "description": "A vulnerability has been found and corrected in libneo :\n\nneon before 0.28.6, when OpenSSL is used, does not properly handle a '�' (NUL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2474).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0 customers\n\nThis update provides a solution to these vulnerabilities.", "edition": 5, "reporter": "Tenable", "published": "2009-12-07T00:00:00", "title": "Mandriva Linux Security Advisory : libneon (MDVSA-2009:315)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2474"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:libneon0.26-devel", "p-cpe:/a:mandriva:linux:lib64neon0.26-devel", "p-cpe:/a:mandriva:linux:libneon0.24-static-devel", "p-cpe:/a:mandriva:linux:libneon0.24-devel", "p-cpe:/a:mandriva:linux:lib64neon0.26-static-devel", "p-cpe:/a:mandriva:linux:libneon0.24", "cpe:/o:mandriva:linux:2008.0", "p-cpe:/a:mandriva:linux:lib64neon0.26", "p-cpe:/a:mandriva:linux:libneon0.26", "p-cpe:/a:mandriva:linux:lib64neon0.24", "p-cpe:/a:mandriva:linux:lib64neon0.24-devel", "p-cpe:/a:mandriva:linux:libneon0.26-static-devel", "p-cpe:/a:mandriva:linux:lib64neon0.24-static-devel"], "id": "MANDRIVA_MDVSA-2009-315.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43018", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:315. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43018);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/19 20:59:16\");\n\n script_cve_id(\"CVE-2009-2474\");\n script_bugtraq_id(36079);\n script_xref(name:\"MDVSA\", value:\"2009:315\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libneon (MDVSA-2009:315)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in libneo :\n\nneon before 0.28.6, when OpenSSL is used, does not properly handle a\n'�' (NUL) character in a domain name in the subject's Common Name\n(CN) field of an X.509 certificate, which allows man-in-the-middle\nattackers to spoof arbitrary SSL servers via a crafted certificate\nissued by a legitimate Certification Authority, a related issue to\nCVE-2009-2408 (CVE-2009-2474).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\n\nThis update provides a solution to these vulnerabilities.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.24-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64neon0.26-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.24-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.26-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libneon0.26-static-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64neon0.24-0.24.7-19.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64neon0.24-devel-0.24.7-19.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64neon0.24-static-devel-0.24.7-19.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64neon0.26-0.26.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64neon0.26-devel-0.26.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64neon0.26-static-devel-0.26.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libneon0.24-0.24.7-19.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libneon0.24-devel-0.24.7-19.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libneon0.24-static-devel-0.24.7-19.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libneon0.26-0.26.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libneon0.26-devel-0.26.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libneon0.26-static-devel-0.26.4-2.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:33:08", "references": ["https://oss.oracle.com/pipermail/el-errata/2013-January/003202.html"], "pluginID": "68702", "description": "From Red Hat Security Advisory 2013:0131 :\n\nUpdated gnome-vfs2 packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe gnome-vfs2 packages provide the GNOME Virtual File System, which is the foundation of the Nautilus file manager. neon is an HTTP and WebDAV client library embedded in the gnome-vfs2 packages.\n\nA denial of service flaw was found in the neon Extensible Markup Language (XML) parser. Visiting a malicious DAV server with an application using gnome-vfs2 (such as Nautilus) could possibly cause the application to consume an excessive amount of CPU and memory.\n(CVE-2009-2473)\n\nThis update also fixes the following bugs :\n\n* When extracted from the Uniform Resource Identifier (URI), gnome-vfs2 returned escaped file paths. If a path, as stored in the URI, contained non-ASCII characters or ASCII characters which are parsed as something other than a file path (for example, spaces), the escaped path was inaccurate. Consequently, files with the described type of URI could not be processed. With this update, gnome-vfs2 properly unescapes paths that are required for a system call. As a result, these paths are parsed properly. (BZ#580855)\n\n* In certain cases, the trash info file was populated by foreign entries, pointing to live data. Emptying the trash caused an accidental deletion of valuable data. With this update, a workaround has been applied in order to prevent the deletion. As a result, the accidental data loss is prevented, however further information is still gathered to fully fix this problem. (BZ#586015)\n\n* Due to a wrong test checking for a destination file system, the Nautilus file manager failed to delete a symbolic link to a folder which was residing in another file system. With this update, a special test has been added. As a result, a symbolic link pointing to another file system can be trashed or deleted properly. (BZ#621394)\n\n* Prior to this update, when directories without a read permission were marked for copy, the Nautilus file manager skipped these unreadable directories without notification. With this update, Nautilus displays an error message and properly informs the user about the aforementioned problem. (BZ#772307)\n\n* Previously, gnome-vfs2 used the stat() function calls for every file on the MultiVersion File System (MVFS), used for example by IBM Rational ClearCase. This behavior significantly slowed down file operations. With this update, the unnecessary stat() operations have been limited. As a result, gnome-vfs2 user interfaces, such as Nautilus, are more responsive. (BZ#822817)\n\nAll gnome-vfs2 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : gnome-vfs2 (ELSA-2013-0131)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473"], "modified": "2018-07-18T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gnome-vfs2", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:gnome-vfs2-devel", "p-cpe:/a:oracle:linux:gnome-vfs2-smb"], "id": "ORACLELINUX_ELSA-2013-0131.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68702", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0131 and \n# Oracle Linux Security Advisory ELSA-2013-0131 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68702);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:57\");\n\n script_cve_id(\"CVE-2009-2473\");\n script_bugtraq_id(36080);\n script_xref(name:\"RHSA\", value:\"2013:0131\");\n\n script_name(english:\"Oracle Linux 5 : gnome-vfs2 (ELSA-2013-0131)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0131 :\n\nUpdated gnome-vfs2 packages that fix one security issue and several\nbugs are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe gnome-vfs2 packages provide the GNOME Virtual File System, which\nis the foundation of the Nautilus file manager. neon is an HTTP and\nWebDAV client library embedded in the gnome-vfs2 packages.\n\nA denial of service flaw was found in the neon Extensible Markup\nLanguage (XML) parser. Visiting a malicious DAV server with an\napplication using gnome-vfs2 (such as Nautilus) could possibly cause\nthe application to consume an excessive amount of CPU and memory.\n(CVE-2009-2473)\n\nThis update also fixes the following bugs :\n\n* When extracted from the Uniform Resource Identifier (URI),\ngnome-vfs2 returned escaped file paths. If a path, as stored in the\nURI, contained non-ASCII characters or ASCII characters which are\nparsed as something other than a file path (for example, spaces), the\nescaped path was inaccurate. Consequently, files with the described\ntype of URI could not be processed. With this update, gnome-vfs2\nproperly unescapes paths that are required for a system call. As a\nresult, these paths are parsed properly. (BZ#580855)\n\n* In certain cases, the trash info file was populated by foreign\nentries, pointing to live data. Emptying the trash caused an\naccidental deletion of valuable data. With this update, a workaround\nhas been applied in order to prevent the deletion. As a result, the\naccidental data loss is prevented, however further information is\nstill gathered to fully fix this problem. (BZ#586015)\n\n* Due to a wrong test checking for a destination file system, the\nNautilus file manager failed to delete a symbolic link to a folder\nwhich was residing in another file system. With this update, a special\ntest has been added. As a result, a symbolic link pointing to another\nfile system can be trashed or deleted properly. (BZ#621394)\n\n* Prior to this update, when directories without a read permission\nwere marked for copy, the Nautilus file manager skipped these\nunreadable directories without notification. With this update,\nNautilus displays an error message and properly informs the user about\nthe aforementioned problem. (BZ#772307)\n\n* Previously, gnome-vfs2 used the stat() function calls for every file\non the MultiVersion File System (MVFS), used for example by IBM\nRational ClearCase. This behavior significantly slowed down file\noperations. With this update, the unnecessary stat() operations have\nbeen limited. As a result, gnome-vfs2 user interfaces, such as\nNautilus, are more responsive. (BZ#822817)\n\nAll gnome-vfs2 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-January/003202.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnome-vfs2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-vfs2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-vfs2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnome-vfs2-smb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gnome-vfs2-2.16.2-10.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnome-vfs2-devel-2.16.2-10.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnome-vfs2-smb-2.16.2-10.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnome-vfs2 / gnome-vfs2-devel / gnome-vfs2-smb\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:06:39", "references": ["http://www.nessus.org/u?c2e72bf5"], "pluginID": "63594", "description": "A denial of service flaw was found in the neon Extensible Markup Language (XML) parser. Visiting a malicious DAV server with an application using gnome-vfs2 (such as Nautilus) could possibly cause the application to consume an excessive amount of CPU and memory.\n(CVE-2009-2473)\n\nThis update also fixes the following bugs :\n\n - When extracted from the Uniform Resource Identifier (URI), gnome-vfs2 returned escaped file paths. If a path, as stored in the URI, contained non- ASCII characters or ASCII characters which are parsed as something other than a file path (for example, spaces), the escaped path was inaccurate. Consequently, files with the described type of URI could not be processed.\n With this update, gnome-vfs2 properly unescapes paths that are required for a system call. As a result, these paths are parsed properly.\n\n - In certain cases, the trash info file was populated by foreign entries, pointing to live data. Emptying the trash caused an accidental deletion of valuable data.\n With this update, a workaround has been applied in order to prevent the deletion. As a result, the accidental data loss is prevented, however further information is still gathered to fully fix this problem.\n\n - Due to a wrong test checking for a destination file system, the Nautilus file manager failed to delete a symbolic link to a folder which was residing in another file system. With this update, a special test has been added. As a result, a symbolic link pointing to another file system can be trashed or deleted properly.\n\n - Prior to this update, when directories without a read permission were marked for copy, the Nautilus file manager skipped these unreadable directories without notification. With this update, Nautilus displays an error message and properly informs the user about the aforementioned problem.\n\n - Previously, gnome-vfs2 used the stat() function calls for every file on the MultiVersion File System (MVFS), used for example by IBM Rational ClearCase. This behavior significantly slowed down file operations. With this update, the unnecessary stat() operations have been limited. As a result, gnome-vfs2 user interfaces, such as Nautilus, are more responsive.", "edition": 4, "reporter": "Tenable", "published": "2013-01-17T00:00:00", "title": "Scientific Linux Security Update : gnome-vfs2 on SL5.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2473"], "modified": "2013-01-17T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20130108_GNOME_VFS2_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63594);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2013/01/17 14:07:22 $\");\n\n script_cve_id(\"CVE-2009-2473\");\n\n script_name(english:\"Scientific Linux Security Update : gnome-vfs2 on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the neon Extensible Markup\nLanguage (XML) parser. Visiting a malicious DAV server with an\napplication using gnome-vfs2 (such as Nautilus) could possibly cause\nthe application to consume an excessive amount of CPU and memory.\n(CVE-2009-2473)\n\nThis update also fixes the following bugs :\n\n - When extracted from the Uniform Resource Identifier\n (URI), gnome-vfs2 returned escaped file paths. If a\n path, as stored in the URI, contained non- ASCII\n characters or ASCII characters which are parsed as\n something other than a file path (for example, spaces),\n the escaped path was inaccurate. Consequently, files\n with the described type of URI could not be processed.\n With this update, gnome-vfs2 properly unescapes paths\n that are required for a system call. As a result, these\n paths are parsed properly.\n\n - In certain cases, the trash info file was populated by\n foreign entries, pointing to live data. Emptying the\n trash caused an accidental deletion of valuable data.\n With this update, a workaround has been applied in order\n to prevent the deletion. As a result, the accidental\n data loss is prevented, however further information is\n still gathered to fully fix this problem.\n\n - Due to a wrong test checking for a destination file\n system, the Nautilus file manager failed to delete a\n symbolic link to a folder which was residing in another\n file system. With this update, a special test has been\n added. As a result, a symbolic link pointing to another\n file system can be trashed or deleted properly.\n\n - Prior to this update, when directories without a read\n permission were marked for copy, the Nautilus file\n manager skipped these unreadable directories without\n notification. With this update, Nautilus displays an\n error message and properly informs the user about the\n aforementioned problem.\n\n - Previously, gnome-vfs2 used the stat() function calls\n for every file on the MultiVersion File System (MVFS),\n used for example by IBM Rational ClearCase. This\n behavior significantly slowed down file operations. With\n this update, the unnecessary stat() operations have been\n limited. As a result, gnome-vfs2 user interfaces, such\n as Nautilus, are more responsive.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1301&L=scientific-linux-errata&T=0&P=1703\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2e72bf5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gnome-vfs2-2.16.2-10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnome-vfs2-debuginfo-2.16.2-10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnome-vfs2-devel-2.16.2-10.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnome-vfs2-smb-2.16.2-10.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:46:39", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "i386", "packageFilename": "neon-0.25.5-10.el5_4.1.i386.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "i386", "packageFilename": "neon-0.25.5-10.el5_4.1.i386.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "x86_64", "packageFilename": "neon-0.24.7-4.el4_8.2.x86_64.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "ia64", "packageFilename": "neon-0.24.7-4.el4_8.2.ia64.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "ia64", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.ia64.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "i386", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.i386.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "i386", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.i386.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "src", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "src", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "src", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "ia64", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.ia64.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "x86_64", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.x86_64.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "i386", "packageFilename": "neon-0.24.7-4.el4_8.2.i386.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "i386", "packageFilename": "neon-0.24.7-4.el4_8.2.i386.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "i386", "packageFilename": "neon-0.24.7-4.el4_8.2.i386.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "x86_64", "packageFilename": "neon-0.25.5-10.el5_4.1.x86_64.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "i386", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.i386.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "x86_64", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.x86_64.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "src", "packageFilename": "neon-0.24.7-4.el4_8.2.src.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "src", "packageFilename": "neon-0.24.7-4.el4_8.2.src.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "src", "packageFilename": "neon-0.24.7-4.el4_8.2.src.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "ia64", "packageFilename": "neon-0.25.5-10.el5_4.1.ia64.rpm", "packageName": "neon", "operator": "lt"}], "description": "[0.25.5-10.el5_4.1]\n- add security fixes for CVE-2009-2473 CVE-2009-2474 (#521788)", "edition": 3, "reporter": "Oracle", "published": "2009-09-21T00:00:00", "title": "neon security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2009-09-21T00:00:00", "id": "ELSA-2009-1452", "href": "http://linux.oracle.com/errata/ELSA-2009-1452.html", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:48:14", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageFilename": "gnome-vfs2-2.16.2-10.el5.i386.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageFilename": "gnome-vfs2-2.16.2-10.el5.i386.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ia64", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.ia64.rpm", "packageName": "gnome-vfs2-smb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.x86_64.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "src", "packageFilename": "gnome-vfs2-2.16.2-10.el5.src.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "src", "packageFilename": "gnome-vfs2-2.16.2-10.el5.src.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "src", "packageFilename": "gnome-vfs2-2.16.2-10.el5.src.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.i386.rpm", "packageName": "gnome-vfs2-smb", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.i386.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.i386.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageFilename": "gnome-vfs2-2.16.2-10.el5.x86_64.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ia64", "packageFilename": "gnome-vfs2-2.16.2-10.el5.ia64.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ia64", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.ia64.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.x86_64.rpm", "packageName": "gnome-vfs2-smb", "operator": "lt"}], "description": "[2.16.2-10.el5]\r\n- Prevent trash applet crashing (#848822)\r\n \n[2.16.2-9.el5]\r\n- Prevent deleting items linking out of the trash (#586015)\r\n- Do not stat every file on an ClearCase mvfs filesystem (#822817)\r\n- Do not silently skip directory having no read permission during copy (#772307)\r\n- Allow trashing symlink to filesystem root that does not support trashing (#621394)\r\n- CVE-2009-2473 gnome-vfs2 embedded neon: billion laughs DoS attack (#540548)", "edition": 3, "reporter": "Oracle", "published": "2013-01-11T00:00:00", "title": "gnome-vfs2 security and bug fix update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2473"], "modified": "2013-01-11T00:00:00", "id": "ELSA-2013-0131", "href": "http://linux.oracle.com/errata/ELSA-2013-0131.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:33", "references": ["https://vulners.com/securityvulns/securityvulns:doc:22379"], "description": "Invalid NULL character processing in CN field.", "edition": 1, "reporter": "BUGTRAQ", "published": "2009-08-25T00:00:00", "title": "libneon certificate spoofing", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:33", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "modified": "2009-08-25T00:00:00", "id": "SECURITYVULNS:VULN:10183", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10183", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:31", "references": [], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:221\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : libneon0.27\r\n Date : August 24, 2009\r\n Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been found and corrected in libneon0.27:\r\n \r\n neon before 0.28.6, when expat is used, does not properly detect\r\n recursion during entity expansion, which allows context-dependent\r\n attackers to cause a denial of service (memory and CPU consumption)\r\n via a crafted XML document containing a large number of nested entity\r\n references, a similar issue to CVE-2003-1564 (CVE-2009-2473).\r\n \r\n neon before 0.28.6, when OpenSSL is used, does not properly handle a\r\n '\0' (NUL) character in a domain name in the subject's Common Name\r\n (CN) field of an X.509 certificate, which allows man-in-the-middle\r\n attackers to spoof arbitrary SSL servers via a crafted certificate\r\n issued by a legitimate Certification Authority, a related issue to\r\n CVE-2009-2408 (CVE-2009-2474).\r\n \r\n This update provides a solution to these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2473\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2474\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.1:\r\n 26729257d5b2255a8a6242cfe6931dc9 2008.1/i586/libneon0.27-0.28.3-0.2mdv2008.1.i586.rpm\r\n 992af0611f69a2e4043f29faf50de608 2008.1/i586/libneon0.27-devel-0.28.3-0.2mdv2008.1.i586.rpm\r\n 71e83652b0aa875f404ecf0df9409184 2008.1/i586/libneon0.27-static-devel-0.28.3-0.2mdv2008.1.i586.rpm \r\n a4b59dd8d54e66de85f70186c7726269 2008.1/SRPMS/libneon0.27-0.28.3-0.2mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n 56eb9b74f3e2202ac683377a16799c70 2008.1/x86_64/lib64neon0.27-0.28.3-0.2mdv2008.1.x86_64.rpm\r\n f688d9a1285f19e7b80997b52a147a60 2008.1/x86_64/lib64neon0.27-devel-0.28.3-0.2mdv2008.1.x86_64.rpm\r\n 08f5058e8dc35470e8cdc8cf9cb16381 2008.1/x86_64/lib64neon0.27-static-devel-0.28.3-0.2mdv2008.1.x86_64.rpm \r\n a4b59dd8d54e66de85f70186c7726269 2008.1/SRPMS/libneon0.27-0.28.3-0.2mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n 9bf34661a2420bd2402cafc4565a2587 2009.0/i586/libneon0.27-0.28.3-1.1mdv2009.0.i586.rpm\r\n f6ed581464940115491ec68cacafe859 2009.0/i586/libneon0.27-devel-0.28.3-1.1mdv2009.0.i586.rpm\r\n db2dc25faa186ceb3394af63a9e2d0e6 2009.0/i586/libneon0.27-static-devel-0.28.3-1.1mdv2009.0.i586.rpm \r\n 14cbfad698a74067a74199807e8c9282 2009.0/SRPMS/libneon0.27-0.28.3-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 3a86cf10f1df3feaea91ae64e28f3e8d 2009.0/x86_64/lib64neon0.27-0.28.3-1.1mdv2009.0.x86_64.rpm\r\n 872195ee41e00405d03ab18010bd15d9 2009.0/x86_64/lib64neon0.27-devel-0.28.3-1.1mdv2009.0.x86_64.rpm\r\n f841222c663bc8506e6e0e87a165c6b7 2009.0/x86_64/lib64neon0.27-static-devel-0.28.3-1.1mdv2009.0.x86_64.rpm \r\n 14cbfad698a74067a74199807e8c9282 2009.0/SRPMS/libneon0.27-0.28.3-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 14c6caacb5e2b3f9e0a2e7b7924ba1e3 2009.1/i586/libneon0.27-0.28.3-2.1mdv2009.1.i586.rpm\r\n 242e3182440acc212408d03d27ba9a08 2009.1/i586/libneon0.27-devel-0.28.3-2.1mdv2009.1.i586.rpm\r\n 71701b0c1b6931979cb6eabe377522aa 2009.1/i586/libneon0.27-static-devel-0.28.3-2.1mdv2009.1.i586.rpm \r\n 58bd3f3f6ac9178d9e4903fa88fd5862 2009.1/SRPMS/libneon0.27-0.28.3-2.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 5ac6a8cefa50849e32957b821ec1ef8c 2009.1/x86_64/lib64neon0.27-0.28.3-2.1mdv2009.1.x86_64.rpm\r\n 5b801b45bf9d73a59b7eb0a4b350431f 2009.1/x86_64/lib64neon0.27-devel-0.28.3-2.1mdv2009.1.x86_64.rpm\r\n 72e5bce2285b22ccd6b6f68c8c47bff8 2009.1/x86_64/lib64neon0.27-static-devel-0.28.3-2.1mdv2009.1.x86_64.rpm \r\n 58bd3f3f6ac9178d9e4903fa88fd5862 2009.1/SRPMS/libneon0.27-0.28.3-2.1mdv2009.1.src.rpm\r\n\r\n Corporate 4.0:\r\n 6c92c285d835d3d283c820bbe14fa013 corporate/4.0/i586/libneon0.27-0.28.3-0.2.20060mlcs4.i586.rpm\r\n ae72e53a686010d7b31e56bee90000e5 corporate/4.0/i586/libneon0.27-devel-0.28.3-0.2.20060mlcs4.i586.rpm\r\n 1814371725d85bb607af694a074fc816 corporate/4.0/i586/libneon0.27-static-devel-0.28.3-0.2.20060mlcs4.i586.rpm \r\n 617b5c9c0bf440531b571e34409023b3 corporate/4.0/SRPMS/libneon0.27-0.28.3-0.2.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 9db63260cab1c01d8f6e3882f719a8a6 corporate/4.0/x86_64/lib64neon0.27-0.28.3-0.2.20060mlcs4.x86_64.rpm\r\n 526df150c547d98fdeeda8241774bcbf corporate/4.0/x86_64/lib64neon0.27-devel-0.28.3-0.2.20060mlcs4.x86_64.rpm\r\n 02fa7448bb3a59c6f0947a2e96983813 corporate/4.0/x86_64/lib64neon0.27-static-devel-0.28.3-0.2.20060mlcs4.x86_64.rpm \r\n 617b5c9c0bf440531b571e34409023b3 corporate/4.0/SRPMS/libneon0.27-0.28.3-0.2.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n a2209a398a7f98673c5bd459dfa1fd58 mes5/i586/libneon0.27-0.28.3-1.1mdvmes5.i586.rpm\r\n 18631025bb665c21dcbd4ef75986dc2f mes5/i586/libneon0.27-devel-0.28.3-1.1mdvmes5.i586.rpm\r\n b216b56ea349e57db0bd1a06791c1192 mes5/i586/libneon0.27-static-devel-0.28.3-1.1mdvmes5.i586.rpm \r\n 2cd59a4c7297629446c6c0779363d6fd mes5/SRPMS/libneon0.27-0.28.3-1.1mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n ee892ef74cca60e827899a0d9e06c8cd mes5/x86_64/lib64neon0.27-0.28.3-1.1mdvmes5.x86_64.rpm\r\n db0c1a9ab2315bf05dc35382349d4534 mes5/x86_64/lib64neon0.27-devel-0.28.3-1.1mdvmes5.x86_64.rpm\r\n 0c131d6264ef181e0b3870c8eb438b36 mes5/x86_64/lib64neon0.27-static-devel-0.28.3-1.1mdvmes5.x86_64.rpm \r\n 2cd59a4c7297629446c6c0779363d6fd mes5/SRPMS/libneon0.27-0.28.3-1.1mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFKkvLkmqjQ0CJFipgRAq6qAJ9cjtiGVrF46gPqCQlUYpyiTrM/uwCgm9Wp\r\n0gkprOAZM9dbBhPRDNeWeEs=\r\n=E/sr\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2009-08-25T00:00:00", "title": "[ MDVSA-2009:221 ] libneon0.27", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:31", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-2408", "CVE-2009-2473", "CVE-2009-2474", "CVE-2003-1564"], "modified": "2009-08-25T00:00:00", "id": "SECURITYVULNS:DOC:22379", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22379", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "references": [], "description": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007\r\n\r\n * Last Modified: November 12, 2010\r\n * Article: HT4435\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes the security content of Mac OS X v10.6.5 and Security Update 2010-007, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security, Security Update 2010-007, Mac OS X v10.6.\r\nMac OS X v10.6.5 and Security Update 2010-007\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1828\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause AFP Server to unexpectedly shutdown\r\n\r\n Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to unexpectedly shutdown. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1829\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An authenticated user may cause arbitrary code execution\r\n\r\n Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1830\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may determine the existence of an AFP share\r\n\r\n Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.\r\n\r\n *\r\n\r\n Apache mod_perl\r\n\r\n CVE-ID: CVE-2009-0796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause cross-site scripting against the web server\r\n\r\n Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. This issue is addressed by properly escaping HTML output.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2010-0408, CVE-2010-0434\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.2.14\r\n\r\n Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n AppKit\r\n\r\n CVE-ID: CVE-2010-1842\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1831\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1832\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1833\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-4010\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1752\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1834\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites\r\n\r\n Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue by through improved validation of domains specified in cookies.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2010-1836\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. Credit to Andrew Kiss for reporting this issue.\r\n\r\n *\r\n\r\n CoreText\r\n\r\n CVE-ID: CVE-2010-1837\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2010-2941\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1838\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local attacker may bypass the password validation and log in to a mobile account\r\n\r\n Description: An error handling issue exists in Directory Service. A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1840\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.\r\n\r\n *\r\n\r\n diskdev_cmds\r\n\r\n CVE-ID: CVE-2010-0105\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may be able to prevent the system from starting properly\r\n\r\n Description: An implementation issue exists fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees. Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2010-1841\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in processing UDIF disk images. Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2010-0001\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2009-2624\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n Image Capture\r\n\r\n CVE-ID: CVE-2010-1844\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown\r\n\r\n Description: A unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6. Credit to Steven Fisher of Discovery Software Ltd. for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1845\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1811\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-2249, CVE-2010-1205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng\r\n\r\n Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2010-1846\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2010-1847\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n MySQL\r\n\r\n CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in MySQL 5.0.88\r\n\r\n Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html\r\n\r\n *\r\n\r\n neon\r\n\r\n CVE-ID: CVE-2009-2473, CVE-2009-2474\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in neon 0.28.3\r\n\r\n Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2010-1843\r\n\r\n Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0211\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0212\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service\r\n\r\n Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2010-1378\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote user may bypass TLS authentication or spoof a trusted server\r\n\r\n Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.\r\n\r\n *\r\n\r\n Password Server\r\n\r\n CVE-ID: CVE-2010-3783\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may be able to log in with an outdated password\r\n\r\n Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.3.2\r\n\r\n Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.12\r\n\r\n Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n Printing\r\n\r\n CVE-ID: CVE-2010-3784\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination\r\n\r\n Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. Credit to Wujun Li of Microsoft for reporting this issue.\r\n\r\n *\r\n\r\n python\r\n\r\n CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n Description: Multiple integer overflows exists in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3785\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3786\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3787\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3788\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3789\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue is in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3790\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3791\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3792\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3793\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3794\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3795\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An unitialized memory access issue exists in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n Safari RSS\r\n\r\n CVE-ID: CVE-2010-3796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information\r\n\r\n Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Time Machine\r\n\r\n CVE-ID: CVE-2010-1803\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may access a user's Time Machine information\r\n\r\n Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems. Credit to Renaud Deraison of Tenable Network Security, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n Wiki Server\r\n\r\n CVE-ID: CVE-2010-3797\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A user who can edit wiki pages may obtain the credentials of other users\r\n\r\n Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.41\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in FreeType 2.3.9\r\n\r\n Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/\r\n\r\n *\r\n\r\n xar\r\n\r\n CVE-ID: CVE-2010-3798\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2010-11-18T00:00:00", "title": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:37", "vector": "NONE", "value": 9.3}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178"], "modified": "2010-11-18T00:00:00", "id": "SECURITYVULNS:DOC:25153", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25153", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2017-09-09T07:20:08", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "i386", "packageFilename": "neon-0.24.7-4.el4_8.2.i386.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "i386", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.i386.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "src", "packageFilename": "neon-0.24.7-4.el4_8.2.src.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "ia64", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.ia64.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "ia64", "packageFilename": "neon-0.24.7-4.el4_8.2.ia64.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "x86_64", "packageFilename": "neon-0.24.7-4.el4_8.2.x86_64.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "x86_64", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.x86_64.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "ppc", "packageFilename": "neon-0.24.7-4.el4_8.2.ppc.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "ppc", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.ppc.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "ppc64", "packageFilename": "neon-0.24.7-4.el4_8.2.ppc64.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "s390", "packageFilename": "neon-0.24.7-4.el4_8.2.s390.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "s390", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.s390.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "s390x", "packageFilename": "neon-devel-0.24.7-4.el4_8.2.s390x.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "0.24.7-4.el4_8.2", "arch": "s390x", "packageFilename": "neon-0.24.7-4.el4_8.2.s390x.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "i386", "packageFilename": "neon-0.25.5-10.el5_4.1.i386.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "src", "packageFilename": "neon-0.25.5-10.el5_4.1.src.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "x86_64", "packageFilename": "neon-0.25.5-10.el5_4.1.x86_64.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "ppc64", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.ppc64.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "ppc", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.ppc.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "ppc64", "packageFilename": "neon-0.25.5-10.el5_4.1.ppc64.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "ppc", "packageFilename": "neon-0.25.5-10.el5_4.1.ppc.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "s390", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.s390.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "s390", "packageFilename": "neon-0.25.5-10.el5_4.1.s390.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "s390x", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.s390x.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "s390x", "packageFilename": "neon-0.25.5-10.el5_4.1.s390x.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "i386", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.i386.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "x86_64", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.x86_64.rpm", "packageName": "neon-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "ia64", "packageFilename": "neon-0.25.5-10.el5_4.1.ia64.rpm", "packageName": "neon", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "0.25.5-10.el5_4.1", "arch": "ia64", "packageFilename": "neon-devel-0.25.5-10.el5_4.1.ia64.rpm", "packageName": "neon-devel", "operator": "lt"}], "description": "neon is an HTTP and WebDAV client library, with a C interface. It provides\na high-level interface to HTTP and WebDAV methods along with a low-level\ninterface for HTTP request handling. neon supports persistent connections,\nproxy servers, basic, digest and Kerberos authentication, and has complete\nSSL support.\n\nIt was discovered that neon is affected by the previously published \"null\nprefix attack\", caused by incorrect handling of NULL characters in X.509\ncertificates. If an attacker is able to get a carefully-crafted certificate\nsigned by a trusted Certificate Authority, the attacker could use the\ncertificate during a man-in-the-middle attack and potentially confuse an\napplication using the neon library into accepting it by mistake.\n(CVE-2009-2474)\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. A remote attacker (malicious DAV server) could provide a\nspecially-crafted XML document that would cause excessive memory and CPU\nconsumption if an application using the neon XML parser was tricked into\nprocessing it. (CVE-2009-2473)\n\nAll neon users should upgrade to these updated packages, which contain\nbackported patches to correct these issues. Applications using the neon\nHTTP and WebDAV client library, such as cadaver, must be restarted for this\nupdate to take effect.", "reporter": "RedHat", "published": "2009-09-21T04:00:00", "type": "redhat", "title": "(RHSA-2009:1452) Moderate: neon security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2473", "CVE-2009-2474"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:56:40", "id": "RHSA-2009:1452", "href": "https://access.redhat.com/errata/RHSA-2009:1452", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-09T07:20:10", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageFilename": "gnome-vfs2-debuginfo-2.16.2-10.el5.i386.rpm", "packageName": "gnome-vfs2-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "src", "packageFilename": "gnome-vfs2-2.16.2-10.el5.src.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageFilename": "gnome-vfs2-debuginfo-2.16.2-10.el5.x86_64.rpm", "packageName": "gnome-vfs2-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageFilename": "gnome-vfs2-2.16.2-10.el5.i386.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.i386.rpm", "packageName": "gnome-vfs2-smb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageFilename": "gnome-vfs2-2.16.2-10.el5.x86_64.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.x86_64.rpm", "packageName": "gnome-vfs2-smb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ppc64", "packageFilename": "gnome-vfs2-debuginfo-2.16.2-10.el5.ppc64.rpm", "packageName": "gnome-vfs2-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ppc", "packageFilename": "gnome-vfs2-debuginfo-2.16.2-10.el5.ppc.rpm", "packageName": "gnome-vfs2-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "s390", "packageFilename": "gnome-vfs2-debuginfo-2.16.2-10.el5.s390.rpm", "packageName": "gnome-vfs2-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "s390x", "packageFilename": "gnome-vfs2-debuginfo-2.16.2-10.el5.s390x.rpm", "packageName": "gnome-vfs2-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ppc", "packageFilename": "gnome-vfs2-2.16.2-10.el5.ppc.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ppc", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.ppc.rpm", "packageName": "gnome-vfs2-smb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ppc64", "packageFilename": "gnome-vfs2-2.16.2-10.el5.ppc64.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ppc", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.ppc.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ppc64", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.ppc64.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ppc64", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.ppc64.rpm", "packageName": "gnome-vfs2-smb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "s390", "packageFilename": "gnome-vfs2-2.16.2-10.el5.s390.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "s390x", "packageFilename": "gnome-vfs2-2.16.2-10.el5.s390x.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "s390", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.s390.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "s390x", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.s390x.rpm", "packageName": "gnome-vfs2-smb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "s390x", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.s390x.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ia64", "packageFilename": "gnome-vfs2-debuginfo-2.16.2-10.el5.ia64.rpm", "packageName": "gnome-vfs2-debuginfo", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.i386.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.x86_64.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ia64", "packageFilename": "gnome-vfs2-2.16.2-10.el5.ia64.rpm", "packageName": "gnome-vfs2", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ia64", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.ia64.rpm", "packageName": "gnome-vfs2-smb", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "ia64", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.ia64.rpm", "packageName": "gnome-vfs2-devel", "operator": "lt"}], "description": "The gnome-vfs2 packages provide the GNOME Virtual File System, which is the\nfoundation of the Nautilus file manager. neon is an HTTP and WebDAV client\nlibrary embedded in the gnome-vfs2 packages.\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. Visiting a malicious DAV server with an application using\ngnome-vfs2 (such as Nautilus) could possibly cause the application to\nconsume an excessive amount of CPU and memory. (CVE-2009-2473)\n\nThis update also fixes the following bugs:\n\n* When extracted from the Uniform Resource Identifier (URI), gnome-vfs2\nreturned escaped file paths. If a path, as stored in the URI,\ncontained non-ASCII characters or ASCII characters which are parsed as\nsomething other than a file path (for example, spaces), the escaped path\nwas inaccurate. Consequently, files with the described type of URI could\nnot be processed. With this update, gnome-vfs2 properly unescapes paths\nthat are required for a system call. As a result, these paths are parsed\nproperly. (BZ#580855)\n\n* In certain cases, the trash info file was populated by foreign\nentries, pointing to live data. Emptying the trash caused an accidental\ndeletion of valuable data. With this update, a workaround has been applied\nin order to prevent the deletion. As a result, the accidental data loss is\nprevented, however further information is still gathered to fully fix this\nproblem. (BZ#586015)\n\n* Due to a wrong test checking for a destination file system, the Nautilus\nfile manager failed to delete a symbolic link to a folder which was\nresiding in another file system. With this update, a special test has been\nadded. As a result, a symbolic link pointing to another file system can be\ntrashed or deleted properly. (BZ#621394)\n\n* Prior to this update, when directories without a read permission were\nmarked for copy, the Nautilus file manager skipped these unreadable\ndirectories without notification. With this update, Nautilus displays an\nerror message and properly informs the user about the aforementioned\nproblem. (BZ#772307)\n\n* Previously, gnome-vfs2 used the stat() function calls for every file on\nthe MultiVersion File System (MVFS), used for example by IBM Rational\nClearCase. This behavior significantly slowed down file operations. With\nthis update, the unnecessary stat() operations have been limited. As a\nresult, gnome-vfs2 user interfaces, such as Nautilus, are more responsive.\n(BZ#822817)\n\nAll gnome-vfs2 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\n", "reporter": "RedHat", "published": "2013-01-08T05:00:00", "type": "redhat", "title": "(RHSA-2013:0131) Low: gnome-vfs2 security and bug fix update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2473"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:51:15", "id": "RHSA-2013:0131", "href": "https://access.redhat.com/errata/RHSA-2013:0131", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2018-04-04T12:59:58", "references": ["https://rhn.redhat.com/errata/RHSA-2013-0131.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageName": "gnome-vfs2", "packageFilename": "gnome-vfs2-2.16.2-10.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "any", "packageName": "gnome-vfs2", "packageFilename": "gnome-vfs2-2.16.2-10.el5.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageName": "gnome-vfs2-smb", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageName": "gnome-vfs2", "packageFilename": "gnome-vfs2-2.16.2-10.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageName": "gnome-vfs2", "packageFilename": "gnome-vfs2-2.16.2-10.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageName": "gnome-vfs2-devel", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "i386", "packageName": "gnome-vfs2-devel", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageName": "gnome-vfs2-devel", "packageFilename": "gnome-vfs2-devel-2.16.2-10.el5.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "5", "packageVersion": "2.16.2-10.el5", "arch": "x86_64", "packageName": "gnome-vfs2-smb", "packageFilename": "gnome-vfs2-smb-2.16.2-10.el5.x86_64.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2013:0131\n\n\nThe gnome-vfs2 packages provide the GNOME Virtual File System, which is the\nfoundation of the Nautilus file manager. neon is an HTTP and WebDAV client\nlibrary embedded in the gnome-vfs2 packages.\n\nA denial of service flaw was found in the neon Extensible Markup Language\n(XML) parser. Visiting a malicious DAV server with an application using\ngnome-vfs2 (such as Nautilus) could possibly cause the application to\nconsume an excessive amount of CPU and memory. (CVE-2009-2473)\n\nThis update also fixes the following bugs:\n\n* When extracted from the Uniform Resource Identifier (URI), gnome-vfs2\nreturned escaped file paths. If a path, as stored in the URI,\ncontained non-ASCII characters or ASCII characters which are parsed as\nsomething other than a file path (for example, spaces), the escaped path\nwas inaccurate. Consequently, files with the described type of URI could\nnot be processed. With this update, gnome-vfs2 properly unescapes paths\nthat are required for a system call. As a result, these paths are parsed\nproperly. (BZ#580855)\n\n* In certain cases, the trash info file was populated by foreign\nentries, pointing to live data. Emptying the trash caused an accidental\ndeletion of valuable data. With this update, a workaround has been applied\nin order to prevent the deletion. As a result, the accidental data loss is\nprevented, however further information is still gathered to fully fix this\nproblem. (BZ#586015)\n\n* Due to a wrong test checking for a destination file system, the Nautilus\nfile manager failed to delete a symbolic link to a folder which was\nresiding in another file system. With this update, a special test has been\nadded. As a result, a symbolic link pointing to another file system can be\ntrashed or deleted properly. (BZ#621394)\n\n* Prior to this update, when directories without a read permission were\nmarked for copy, the Nautilus file manager skipped these unreadable\ndirectories without notification. With this update, Nautilus displays an\nerror message and properly informs the user about the aforementioned\nproblem. (BZ#772307)\n\n* Previously, gnome-vfs2 used the stat() function calls for every file on\nthe MultiVersion File System (MVFS), used for example by IBM Rational\nClearCase. This behavior significantly slowed down file operations. With\nthis update, the unnecessary stat() operations have been limited. As a\nresult, gnome-vfs2 user interfaces, such as Nautilus, are more responsive.\n(BZ#822817)\n\nAll gnome-vfs2 users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/000341.html\n\n**Affected packages:**\ngnome-vfs2\ngnome-vfs2-devel\ngnome-vfs2-smb\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0131.html", "edition": 4, "reporter": "CentOS Project", "published": "2013-01-11T13:17:57", "title": "gnome security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2473"], "modified": "2013-01-11T13:17:57", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-January/000341.html", "id": "CESA-2013:0131", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:38:40", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments_done": [], "references": [], "description": "BUGTRAQ ID: 36080\r\nCVE(CAN) ID: CVE-2009-2473\r\n\r\nneon\u662f\u4e00\u6b3eHTTP\u548cWebDAV\u5ba2\u6237\u7aef\u5e93\u3002\r\n\r\n\u5982\u679c\u4f7f\u7528\u4e86expat\u5e93\uff0cneon\u5728\u5b9e\u4f53\u6269\u5c55\u671f\u95f4\u6ca1\u6709\u6b63\u786e\u7684\u68c0\u6d4b\u9012\u5f52\u3002\u5f53\u5ba2\u6237\u7aef\u5e94\u7528\u8bbf\u95ee\u6076\u610f\u7684DAV\u670d\u52a1\u5668\u6216\u4f7f\u7528XML\u89e3\u6790\u63a5\u53e3\uff08ne_xml*\uff09\u89e3\u6790XML\u6587\u6863\u7684\u65f6\u5019\uff0c\u5305\u542b\u6709\u5927\u91cf\u5d4c\u5957\u5b9e\u4f53\u5f15\u7528\u7684\u7279\u5236XML\u6587\u6863\u5c31\u53ef\u80fd\u8017\u5c3d\u5927\u91cf\u5185\u5b58\u548cCPU\u8d44\u6e90\u3002\r\n\n\nNeon Client Library < 0.28.6\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nNeon\r\n----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html", "reporter": "Root", "published": "2009-08-26T00:00:00", "title": "Neon XML\u6587\u6863\u89e3\u6790\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2473"], "_object_type": "robots.models.seebug.SeebugBulletin", "modified": "2009-08-26T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12116", "id": "SSV:12116", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "", "status": "details"}], "exploitdb": [{"lastseen": "2016-02-01T12:01:33", "osvdbidlist": ["57423"], "references": [], "description": "Expat 2.0.1 UTF-8 Character XML Parsing Remote Denial of Service Vulnerability. CVE-2009-2473. Dos exploit for linux platform", "edition": 1, "reporter": "Peter Valchev", "published": "2009-11-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "exploitdb", "title": "Expat 2.0.1 UTF-8 Character XML Parsing Remote Denial of Service Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2473"], "modified": "2009-11-12T00:00:00", "id": "EDB-ID:10206", "href": "https://www.exploit-db.com/exploits/10206/", "sourceData": "Bugtraq ID: 36097\r\nClass: Input Validation Error\r\n\r\nPublished: Jan 17 2009 12:00AM\r\nUpdated: Nov 12 2009 08:06PM\r\nCredit: Peter Valchev\r\nVulnerable: SuSE openSUSE 11.0\r\nSuSE openSUSE 10.3\r\nSuSE Linux 9\r\nSuSE Linux 11\r\nSuSE Linux 10.0\r\nRedHat Fedora 11\r\nRedHat Fedora 10\r\nRedHat Enterprise Linux WS 4\r\nRedHat Enterprise Linux WS 3\r\nRedHat Enterprise Linux ES 4\r\nRedHat Enterprise Linux ES 3\r\nRedHat Enterprise Linux AS 4\r\nRedHat Enterprise Linux AS 3\r\nRedHat Enterprise Linux Desktop version 4\r\nRedHat Desktop 3.0\r\nPython Software Foundation Python 3.0.1\r\nPython Software Foundation Python 2.6.2\r\nPython Software Foundation Python 2.5.3\r\nPython Software Foundation Python 2.5.2 r6\r\nPython Software Foundation Python 2.5.2\r\nPython Software Foundation Python 2.5.1\r\nPython Software Foundation Python 2.4.5\r\nPython Software Foundation Python 2.4.4 r14\r\nPython Software Foundation Python 2.4.4\r\nPython Software Foundation Python 2.4.3\r\n+ Trustix Secure Linux 3.0.5\r\nPython Software Foundation Python 2.4.2\r\nPython Software Foundation Python 2.4.1\r\nPython Software Foundation Python 2.4\r\nPython Software Foundation Python 2.3.6\r\nPython Software Foundation Python 2.3.5\r\nPython Software Foundation Python 2.3.4\r\n+ MandrakeSoft Linux Mandrake 10.1 x86_64\r\n+ MandrakeSoft Linux Mandrake 10.1\r\n+ S.u.S.E. Linux Personal 9.2 x86_64\r\n+ S.u.S.E. Linux Personal 9.2\r\n+ Ubuntu Ubuntu Linux 4.1 ppc\r\n+ Ubuntu Ubuntu Linux 4.1 ia64\r\n+ Ubuntu Ubuntu Linux 4.1 ia32\r\nPython Software Foundation Python 2.3.3\r\n+ MandrakeSoft Corporate Server 3.0 x86_64\r\n+ MandrakeSoft Corporate Server 3.0\r\n+ MandrakeSoft Linux Mandrake 10.0 AMD64\r\n+ MandrakeSoft Linux Mandrake 10.0\r\n+ MandrakeSoft Linux Mandrake 9.2 amd64\r\n+ MandrakeSoft Linux Mandrake 9.2\r\n+ S.u.S.E. Linux Personal 9.0 x86_64\r\n+ S.u.S.E. Linux Personal 9.0\r\nPython Software Foundation Python 2.3.2\r\nPython Software Foundation Python 2.3.1\r\nPython Software Foundation Python 2.3 b1\r\nPython Software Foundation Python 2.3\r\n+ S.u.S.E. Linux Personal 9.0 x86_64\r\n+ S.u.S.E. Linux Personal 9.0\r\nPython Software Foundation Python 2.2.3\r\n+ RedHat Desktop 3.0\r\n+ RedHat Enterprise Linux AS 3\r\n+ RedHat Enterprise Linux ES 3\r\n+ RedHat Enterprise Linux WS 3\r\n+ Ubuntu Ubuntu Linux 4.1 ppc\r\n+ Ubuntu Ubuntu Linux 4.1 ia64\r\n+ Ubuntu Ubuntu Linux 4.1 ia32\r\nPython Software Foundation Python 2.2.2\r\n+ OpenPKG OpenPKG 1.2\r\n+ RedHat Linux 7.3\r\n+ S.u.S.E. Linux Personal 8.2\r\nPython Software Foundation Python 2.2.1\r\n+ Debian Linux 3.0 sparc\r\n+ Debian Linux 3.0 s/390\r\n+ Debian Linux 3.0 ppc\r\n+ Debian Linux 3.0 mipsel\r\n+ Debian Linux 3.0 mips\r\n+ Debian Linux 3.0 m68k\r\n+ Debian Linux 3.0 ia-64\r\n+ Debian Linux 3.0 ia-32\r\n+ Debian Linux 3.0 hppa\r\n+ Debian Linux 3.0 arm\r\n+ Debian Linux 3.0 alpha\r\n+ Debian Linux 3.0\r\n+ Gentoo Linux 1.4 _rc1\r\n+ Gentoo Linux 1.2\r\n+ MandrakeSoft Corporate Server 2.1 x86_64\r\n+ MandrakeSoft Corporate Server 2.1\r\n+ MandrakeSoft Linux Mandrake 9.0\r\n+ OpenPKG OpenPKG 1.1\r\n+ S.u.S.E. Linux 8.1\r\nPython Software Foundation Python 2.2\r\n+ Conectiva Linux 8.0\r\n+ MandrakeSoft Linux Mandrake 8.2 ppc\r\n+ MandrakeSoft Linux Mandrake 8.2\r\n+ MandrakeSoft Linux Mandrake 8.1 ia64\r\n+ MandrakeSoft Linux Mandrake 8.1\r\nPython Software Foundation Python 2.1.3\r\n+ Debian Linux 3.0\r\nPython Software Foundation Python 2.1.2\r\nPython Software Foundation Python 2.1.1\r\n+ RedHat Linux 7.2\r\n+ Sun Linux 5.0.7\r\nPython Software Foundation Python 2.1\r\n+ Conectiva Linux 7.0\r\n+ Debian Linux 3.1 sparc\r\n+ Debian Linux 3.1 s/390\r\n+ Debian Linux 3.1 ppc\r\n+ Debian Linux 3.1 mipsel\r\n+ Debian Linux 3.1 mips\r\n+ Debian Linux 3.1 m68k\r\n+ Debian Linux 3.1 ia-64\r\n+ Debian Linux 3.1 ia-32\r\n+ Debian Linux 3.1 hppa\r\n+ Debian Linux 3.1 arm\r\n+ Debian Linux 3.1 amd64\r\n+ Debian Linux 3.1 alpha\r\n+ Debian Linux 3.1\r\n+ Debian Linux 3.0 sparc\r\n+ Debian Linux 3.0 s/390\r\n+ Debian Linux 3.0 ppc\r\n+ Debian Linux 3.0 mipsel\r\n+ Debian Linux 3.0 mips\r\n+ Debian Linux 3.0 m68k\r\n+ Debian Linux 3.0 ia-64\r\n+ Debian Linux 3.0 ia-32\r\n+ Debian Linux 3.0 hppa\r\n+ Debian Linux 3.0 arm\r\n+ Debian Linux 3.0 alpha\r\n+ Debian Linux 3.0\r\nPython Software Foundation Python 2.0.1\r\nPython Software Foundation Python 2.0\r\n+ MandrakeSoft Linux Mandrake 8.0 ppc\r\n+ MandrakeSoft Linux Mandrake 8.0\r\nPython Software Foundation Python 2.5\r\nPardus Linux 2009 0\r\nPardus Linux 2008 0\r\nJames Clark Expat 2.0.1\r\nGentoo Linux\r\nNot Vulnerable: Python Software Foundation Python 3.1.1 \r\n\r\nThe Expat library is prone to a denial-of-service vulnerability because it fails to properly handle crafted XML data.\r\n\r\nExploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library.\r\n\r\nExpat 2.0.1 is vulnerable; other versions may also be affected. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10206-1.gz (2009-11-22-36097.gz)\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/10206-2.gz (2009-11-22-36097-2.gz)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/10206/"}], "ubuntu": [{"lastseen": "2018-08-31T00:08:09", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2009-2474", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-3746"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "0.28.2-6.1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libneon27", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "0.28.2-6.1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libneon27-gnutls", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "0.27.2-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libneon27", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "0.25.5.dfsg-5ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libneon25", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "0.28.2-2ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libneon27", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "0.28.2-2ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libneon27-gnutls", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "0.27.2-1ubuntu0.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libneon27-gnutls", "operator": "lt"}], "description": "Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.", "edition": 3, "reporter": "Ubuntu", "published": "2009-09-21T00:00:00", "title": "neon vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-2474", "CVE-2008-3746"], "modified": "2009-09-21T00:00:00", "id": "USN-835-1", "href": "https://usn.ubuntu.com/835-1/", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
