ID: CVE-2009-0053
Type: cve
Reporter: cve@mitre.org
Modified: 2011-03-08T03:17:00
Description
PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers to obtain the decryption key via unspecified vectors, related to a "logic error."
{"securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-0053", "CVE-2009-0054"], "description": "Unauthorized access to encrypted messages, unauthorized access to administration interface.", "edition": 1, "modified": "2009-01-18T00:00:00", "published": "2009-01-18T00:00:00", "id": "SECURITYVULNS:VULN:9601", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9601", "title": "Cisco IronPort Encryption Appliance / PostX multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2009-0053", "CVE-2009-0054", "CVE-2009-0055", "CVE-2009-0056"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCisco Security Advisory: IronPort Encryption Appliance / PostX and\r\n PXE Encryption Vulnerabilities\r\n\r\nAdvisory ID: cisco-sa-20090114-ironport\r\n\r\nRevision 1.0\r\n\r\nFor Public Release 2009 January 14 1600 UTC (GMT)\r\n\r\n+---------------------------------------------------------------------\r\n\r\nSummary\r\n=======\r\n\r\nIronPort PXE Encryption is an e-mail encryption solution that is\r\ndesigned to secure e-mail communications without the need for a\r\nPublic Key Infrastructure (PKI) or special agents on receiving\r\nsystems. When an e-mail message is targeted for encryption, the PXE\r\nencryption engine on an IronPort e-mail gateway encrypts the original\r\ne-mail message as an HTML file and attaches it to a notification\r\ne-mail message that is sent to the recipient. 
The per-message key\r\nused to decrypt the HTML file attachment is stored on a local\r\nIronPort Encryption Appliance, PostX software installation or the\r\nCisco Registered Envelope Service, which is a Cisco-managed software\r\nservice.\r\n\r\nPXE Encryption Privacy Vulnerabilities\r\n+-------------------------------------\r\n\r\nThe IronPort PXE Encryption solution is affected by two\r\nvulnerabilities that could allow unauthorized individuals to view the\r\ncontents of secure e-mail messages. To exploit the vulnerabilities,\r\nattackers must first intercept secure e-mail messages on the network\r\nor via a compromised e-mail account.\r\n\r\nIronPort Encryption Appliance Administration Interface Vulnerabilities\r\n+---------------------------------------------------------------------\r\n\r\nIronPort Encryption Appliance devices contain two vulnerabilities\r\nthat could allow unauthorized users to gain access to the IronPort\r\nEncryption Appliance administration interface and modify other users'\r\nsettings. These vulnerabilities do not affect Cisco Registered\r\nEnvelope Service users.\r\n\r\nCisco has released free software updates that address these\r\nvulnerabilities. 
There are no workarounds for the vulnerabilities\r\nthat are described in this advisory.\r\n\r\nThis advisory is posted at:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml\r\n\r\nAffected Products\r\n=================\r\n\r\nVulnerable Products\r\n+------------------\r\n\r\nThe following IronPort Encryption Appliance/PostX versions are\r\naffected by these vulnerabilities:\r\n\r\n * All PostX 6.2.1 versions prior to 6.2.1.1\r\n * All PostX 6.2.2 versions prior to 6.2.2.3\r\n * All IronPort Encryption Appliance/PostX 6.2.4 versions prior to 6.2.4.1.1\r\n * All IronPort Encryption Appliance/PostX 6.2.5 versions\r\n * All IronPort Encryption Appliance/PostX 6.2.6 versions\r\n * All IronPort Encryption Appliance/PostX 6.2.7 versions prior to 6.2.7.7\r\n * All IronPort Encryption Appliance 6.3 versions prior to 6.3.0.4\r\n * All IronPort Encryption Appliance 6.5 versions prior to 6.5.0.2\r\n\r\nThe version of software that is running on an IronPort Encryption\r\nAppliance is located on the About page of the IronPort Encryption\r\nAppliance administration interface.\r\n\r\nNote: Customers should contact IronPort support to determine which\r\nsoftware fixes are applicable for their environment. Please consult\r\nthe Obtaining Fixed Software section of this advisory for more\r\ninformation.\r\n\r\nProducts Confirmed Not Vulnerable\r\n+--------------------------------\r\n\r\nIronPort C, M and S-Series appliances are not affected by these\r\nvulnerabilities. Although C-Series appliances can be configured to\r\nuse a local IronPort Encryption Appliance for per-message key\r\nretention, the C-Series appliances are not vulnerable. The Cisco\r\nRegistered Envelope Service is not vulnerable.\r\n\r\nNo other Cisco products are currently known to be affected by these\r\nvulnerabilities.\r\n\r\nDetails\r\n=======\r\n\r\nNote: IronPort tracks bugs using an internal system that is not\r\navailable to customers. 
The IronPort bug tracking identifiers are\r\nprovided for reference only.\r\n\r\nPXE Encryption Privacy Vulnerabilities\r\n+-------------------------------------\r\n\r\nIndividual PXE Encryption users are vulnerable to two message privacy\r\nvulnerabilities that could allow an attacker to gain access to\r\nsensitive information. All the vulnerabilities require an attacker to\r\nfirst intercept a secure e-mail message as a condition for successful\r\nexploitation. Attackers can obtain secure e-mail messages by\r\nmonitoring a network or a compromised user e-mail account.\r\n\r\nThe IronPort Encryption Appliance contains a logic error that could\r\nallow an attacker to obtain the unique, per-message decryption key\r\nthat is used to protect the content of an intercepted secure e-mail\r\nmessage without user interaction. Using the decryption key, an\r\nattacker could decrypt the contents of the secure e-mail message.\r\nThis vulnerability is documented in IronPort bug 8062 and has been\r\nassigned Common Vulnerabilities and Exposures (CVE) identifier\r\nCVE-2009-0053.\r\n\r\nBy modifying the contents of intercepted secure e-mail messages or by\r\nforging a close copy of the e-mail message, it may be possible for an\r\nattacker to convince a user to view a modified secure e-mail message\r\nand then cause the exposure of the user's credentials and message\r\ncontent. Please see the Workarounds section for more information on\r\nmitigations available to reduce exposure to these phishing-style\r\nattacks. 
This vulnerability is documented in IronPort bug 8149 and\r\nhas been assigned Common Vulnerabilities and Exposures (CVE)\r\nidentifier CVE-2009-0054.\r\n\r\nIronPort Encryption Appliance Administration Interface Vulnerabilities\r\n+---------------------------------------------------------------------\r\n\r\nThe administration interface of IronPort Encryption Appliance devices\r\ncontains a cross-site request forgery (CSRF) vulnerability that could\r\nallow an attacker to modify a user's IronPort Encryption Appliance\r\npreferences, including their user name and personal security pass\r\nphrase, if the user is logged into the IronPort Encryption Appliance\r\nadministration interface. Exploitation of the vulnerability will not\r\nallow an attacker to change a user's password. This vulnerability is\r\ndocumented in IronPort bug 5806 and has been assigned Common\r\nVulnerabilities and Exposures (CVE) identifier CVE-2009-0055.\r\n\r\nThe administration interface of IronPort Encryption Appliance devices\r\nalso contains a cross-site request forgery (CSRF) vulnerability that\r\ncould allow an attacker to execute a command and modify a user's\r\nIronPort Encryption Appliance preferences, including their user name\r\nand personal security pass phrase, under certain circumstances when a\r\nuser logs out of the IronPort Encryption Appliance administration\r\ninterface. Exploitation of the vulnerability will not allow an\r\nattacker to change a user's password. This vulnerability is\r\ndocumented in IronPort bug 6403 and has been assigned Common\r\nVulnerabilities and Exposures (CVE) identifier CVE-2009-0056.\r\n\r\nVulnerability Scoring Details\r\n=============================\r\n\r\nCisco has provided scores for the vulnerabilities in this advisory\r\nbased on the Common Vulnerability Scoring System (CVSS). 
The CVSS\r\nscoring in this Security Advisory is done in accordance with CVSS\r\nversion 2.0.\r\n\r\nCVSS is a standards-based scoring method that conveys vulnerability\r\nseverity and helps determine urgency and priority of response.\r\n\r\nCisco has provided a base and temporal score. Customers can then\r\ncompute environmental scores to assist in determining the impact of\r\nthe vulnerability in individual networks.\r\n\r\nCisco has provided an FAQ to answer additional questions regarding\r\nCVSS at:\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\r\n\r\nCisco has also provided a CVSS calculator to help compute the\r\nenvironmental impact for individual networks at:\r\n\r\nhttp://intellishield.cisco.com/security/alertmanager/cvss\r\n\r\nPXE Encryption Message Decryption Vulnerability - IronPort Bug 8062\r\n\r\nCVSS Base Score - 7.1\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - None\r\n Availability Impact - None\r\n\r\nCVSS Temporal Score - 5.9\r\n Exploitability - Functional\r\n Remediation Level - Official Fix\r\n Report Confidence - Confirmed\r\n\r\nPXE Encryption Phishing Vulnerabilities - IronPort Bug 8149\r\n\r\nCVSS Base Score - 6.1\r\n Access Vector - Network\r\n Access Complexity - High\r\n Authentication - None\r\n Confidentiality Impact - Complete\r\n Integrity Impact - Partial\r\n Availability Impact - None\r\n\r\nCVSS Temporal Score - 5\r\n Exploitability - Functional\r\n Remediation Level - Official Fix\r\n Report Confidence - Confirmed\r\n\r\nIronPort Encryption Appliance CSRF Vulnerability - IronPort Bug 5806\r\n\r\nCVSS Base Score - 5.8\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - Partial\r\n Integrity Impact - Partial\r\n Availability Impact - None\r\n\r\nCVSS Temporal Score - 4.8\r\n Exploitability - Functional\r\n Remediation Level - Official 
Fix\r\n Report Confidence - Confirmed\r\n\r\nIronPort Encryption Appliance Logout Action CSRF Vulnerability - IronPort Bug 6403\r\n\r\nCVSS Base Score - 5.8\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - Partial\r\n Integrity Impact - Partial\r\n Availability Impact - None\r\n\r\nCVSS Temporal Score - 4.8\r\n Exploitability - Functional\r\n Remediation Level - Official Fix\r\n Report Confidence - Confirmed\r\n\r\nImpact\r\n======\r\n\r\nPXE Encryption Privacy Vulnerabilities\r\n+-------------------------------------\r\n\r\nSuccessful exploitation of these vulnerabilities could allow an\r\nattacker to obtain user credentials and view the contents of\r\nintercepted secure e-mail messages, which could result in the\r\ndisclosure of sensitive information.\r\n\r\nIronPort Encryption Appliance Administration Interface Vulnerabilities\r\n+---------------------------------------------------------------------\r\n\r\nSuccessful exploitation of these vulnerabilities could allow an\r\nattacker to access user accounts on an IronPort Encryption Appliance\r\ndevice, which could result in the modification of user preferences.\r\n\r\nSoftware Versions and Fixes\r\n===========================\r\n\r\nWhen considering software upgrades, also consult\r\nhttp://www.cisco.com/go/psirt and any subsequent advisories to determine\r\nexposure and a complete upgrade solution.\r\n\r\nWorkarounds\r\n===========\r\n\r\nThere are no workarounds for the vulnerabilities that are described\r\nin this advisory.\r\n\r\nThere are mitigations available to help prevent exploitation of the\r\nPXE Encryption phishing-style vulnerability. Phishing attacks can be\r\ngreatly reduced if DomainKeys Identified Mail (DKIM) and Sender\r\nPolicy Framework (SPF) are implemented on IronPort e-mail gateways to\r\nhelp ensure message integrity and source origin. 
Additionally, the\r\nPXE Encryption solution contains an anti-phishing Secure Pass Phrase\r\nfeature to ensure that secure notification e-mail messages are valid.\r\nThis feature is enabled by recipients when configuring their PXE user\r\nprofile. Cisco has released a best practices document that describes\r\nseveral techniques to mitigate against the phishing-style attacks\r\nthat is available at the following link:\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/bpiron.html\r\n\r\nObtaining Fixed Software\r\n========================\r\n\r\nCisco has released free software updates that address these\r\nvulnerabilities. The affected products in this advisory are directly\r\nsupported by IronPort, and not via the Cisco TAC organization.\r\nCustomers should contact IronPort technical support at the link below\r\nto obtain software fixes. IronPort technical support will assist\r\ncustomers in determining the correct fixes and installation\r\nprocedures. Customers should direct all warranty questions to\r\nIronPort technical support.\r\n\r\nDo not contact psirt@cisco.com or security-alert@cisco.com for\r\nsoftware upgrades.\r\n\r\nhttp://www.ironport.com/support/contact_support.html\r\n\r\nExploitation and Public Announcements\r\n=====================================\r\n\r\nThe Cisco PSIRT is not aware of any public announcements or malicious\r\nuse of the vulnerabilities that are described in this advisory.\r\n\r\nJ.B. Snyder of Brintech reported a method for obtaining PXE\r\nEncryption user credentials via a phishing-style attack to Cisco.\r\n\r\nAll other vulnerabilities were discovered by Cisco or reported by\r\ncustomers.\r\n\r\nStatus of this Notice: FINAL\r\n============================\r\n\r\nTHIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY\r\nKIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\r\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. 
YOUR USE OF THE\r\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\r\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\r\nDOCUMENT AT ANY TIME.\r\n\r\nA stand-alone copy or Paraphrase of the text of this document that\r\nomits the distribution URL in the following section is an\r\nuncontrolled copy, and may lack important information or contain\r\nfactual errors.\r\n\r\nDistribution\r\n============\r\n\r\nThis advisory is posted on Cisco's worldwide website at:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20090114-ironport.shtml\r\n\r\nIn addition to worldwide web posting, a text version of this notice\r\nis clear-signed with the Cisco PSIRT PGP key and is posted to the\r\nfollowing e-mail and Usenet news recipients.\r\n\r\n * cust-security-announce@cisco.com\r\n * first-bulletins@lists.first.org\r\n * bugtraq@securityfocus.com\r\n * vulnwatch@vulnwatch.org\r\n * cisco@spot.colorado.edu\r\n * cisco-nsp@puck.nether.net\r\n * full-disclosure@lists.grok.org.uk\r\n * comp.dcom.sys.cisco@newsgate.cisco.com\r\n\r\nFuture updates of this advisory, if any, will be placed on Cisco's\r\nworldwide website, but may or may not be actively announced on\r\nmailing lists or newsgroups. 
Users concerned about this problem are\r\nencouraged to check the above URL for any updates.\r\n\r\nRevision History\r\n================\r\n\r\n+---------------------------------------+\r\n| Revision | | Initial |\r\n| 1.0 | 2009-January-14 | public |\r\n| | | release |\r\n+---------------------------------------+\r\n\r\nCisco Security Procedures\r\n=========================\r\n\r\nComplete information on reporting security vulnerabilities in Cisco\r\nproducts, obtaining assistance with security incidents, and\r\nregistering to receive security information from Cisco, is available\r\non Cisco's worldwide website at:\r\n\r\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html\r\n\r\nThis includes instructions for press inquiries regarding Cisco security notices.\r\nAll Cisco security advisories are available at:\r\n\r\nhttp://www.cisco.com/go/psirt\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.5 (SunOS)\r\n\r\niD8DBQFJbhoo86n/Gc8U/uARAjuxAJ4oLc1JjS7N9728Ueb6JB7Y2LVJtACfaSfA\r\nA6WIz481vajHya3jIlp+/Xc=\r\n=cFJ6\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-01-18T00:00:00", "published": "2009-01-18T00:00:00", "id": "SECURITYVULNS:DOC:21191", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21191", "title": "Cisco Security Advisory: IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cisco": [{"lastseen": "2019-05-29T15:33:14", "bulletinFamily": "software", "cvelist": ["CVE-2009-0053", "CVE-2009-0054", "CVE-2009-0055", "CVE-2009-0056"], "description": "", "modified": "2009-01-14T16:00:00", "published": "2009-01-14T16:00:00", "id": "CISCO-SA-20090114-IRONPORT", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090114-ironport", "type": "cisco", "title": "IronPort Encryption Appliance / PostX and PXE Encryption 
Vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-12-04T11:30:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4444", "CVE-2008-3818", "CVE-2007-4476", "CVE-2009-0053", "CVE-2009-0021", "CVE-2008-5500", "CVE-2008-3997", "CVE-2008-5449", "CVE-2009-0054", "CVE-2008-4006", "CVE-2008-5718", "CVE-2008-5512", "CVE-2009-0055", "CVE-2008-5503", "CVE-2009-0056", "CVE-2008-3979", "CVE-2008-5714", "CVE-2008-5511", "CVE-2008-5508", "CVE-2008-2382", "CVE-2008-5448", "CVE-2008-3821", "CVE-2008-5507", "CVE-2008-5506", "CVE-2008-5256"], "description": "The remote host is missing an update to hplip\nannounced via advisory USN-708-1.", "modified": "2017-12-01T00:00:00", "published": "2009-01-20T00:00:00", "id": "OPENVAS:63233", "href": "http://plugins.openvas.org/nasl.php?oid=63233", "type": "openvas", "title": "Ubuntu USN-708-1 (hplip)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_708_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_708_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-708-1 (hplip)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 7.10:\n hplip 2.7.7.dfsg.1-0ubuntu5.3\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-708-1\";\n\ntag_insight = \"It was discovered that an installation script in the HPLIP package would\nchange permissions on the hplip config files located in user's home directories.\nA local user could exploit this and change permissions on arbitrary files\nupon an HPLIP installation or upgrade, which could lead to root privileges.\";\ntag_summary = \"The remote host is missing an update to hplip\nannounced via advisory USN-708-1.\";\n\n \n\n\nif(description)\n{\n script_id(63233);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-20 22:42:09 +0100 (Tue, 20 Jan 2009)\");\n script_cve_id(\"CVE-2008-3997\", \"CVE-2008-4444\", \"CVE-2008-4006\", \"CVE-2008-5449\", \"CVE-2008-3979\", \"CVE-2009-0021\", \"CVE-2008-3821\", \"CVE-2008-2382\", \"CVE-2008-5714\", \"CVE-2008-3818\", \"CVE-2009-0053\", \"CVE-2009-0054\", \"CVE-2009-0055\", \"CVE-2009-0056\", \"CVE-2008-5500\", \"CVE-2008-5503\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5256\", \"CVE-2008-5448\", \"CVE-2008-5718\", \"CVE-2007-4476\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu 
USN-708-1 (hplip)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-708-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"hplip-data\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-doc\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-gui\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hpijs-ppds\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hpijs\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-dbg\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-common\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs1\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-gnome-support\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"netatalk\", ver:\"2.0.3-4+etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.15.1-2ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.18-2ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4444", "CVE-2008-5516", "CVE-2008-2383", "CVE-2007-4349", "CVE-2008-3818", "CVE-2007-4476", "CVE-2009-0053", "CVE-2008-5377", "CVE-2008-3825", "CVE-2008-2238", "CVE-2009-0021", "CVE-2008-5500", "CVE-2008-3997", "CVE-2008-5449", "CVE-2009-0054", "CVE-2008-4006", "CVE-2008-5077", "CVE-2008-5183", "CVE-2008-5718", "CVE-2008-5262", "CVE-2009-0050", "CVE-2008-5512", "CVE-2008-5286", "CVE-2008-2237", "CVE-2009-0055", "CVE-2008-5503", "CVE-2009-0056", "CVE-2008-3979", "CVE-2008-4314", "CVE-2008-5714", "CVE-2008-5511", "CVE-2008-5517", "CVE-2008-5508", "CVE-2008-2382", "CVE-2008-5184", "CVE-2008-5448", "CVE-2008-3821", "CVE-2008-5507", "CVE-2009-0025", "CVE-2008-5506", "CVE-2008-5256"], "description": "The remote host is missing an update to cupsys\nannounced via advisory USN-707-1.", "modified": 
"2017-12-01T00:00:00", "published": "2009-06-05T00:00:00", "id": "OPENVAS:64165", "href": "http://plugins.openvas.org/nasl.php?oid=64165", "type": "openvas", "title": "Ubuntu USN-707-1 (cupsys)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_707_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_707_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-707-1 (cupsys)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n cupsys 1.2.2-0ubuntu0.6.06.12\n\nUbuntu 7.10:\n cupsys 1.3.2-1ubuntu7.9\n\nUbuntu 8.04 LTS:\n cupsys 1.3.7-1ubuntu3.3\n\nUbuntu 8.10:\n cups 1.3.9-2ubuntu6.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-707-1\";\n\ntag_insight = \"It was discovered that CUPS didn't properly handle adding a large number of RSS\nsubscriptions. A local user could exploit this and cause CUPS to crash, leading\nto a denial of service. This issue only applied to Ubuntu 7.10, 8.04 LTS and\n8.10. (CVE-2008-5183)\n\nIt was discovered that CUPS did not authenticate users when adding and\ncancelling RSS subscriptions. An unprivileged local user could bypass intended\nrestrictions and add a large number of RSS subscriptions. This issue only\napplied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)\n\nIt was discovered that the PNG filter in CUPS did not properly handle certain\nmalformed images. If a user or automated system were tricked into opening a\ncrafted PNG image file, a remote attacker could cause a denial of service or\nexecute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10,\nattackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)\n\nIt was discovered that the example pstopdf CUPS filter created log files in an\ninsecure way. Local users could exploit a race condition to create or overwrite\nfiles with the privileges of the user invoking the program. 
This issue only\napplied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5377)\";\ntag_summary = \"The remote host is missing an update to cupsys\nannounced via advisory USN-707-1.\";\n\n \n\n\nif(description)\n{\n script_id(64165);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2008-5183\", \"CVE-2008-5184\", \"CVE-2008-5286\", \"CVE-2008-5377\", \"CVE-2009-0050\", \"CVE-2008-2383\", \"CVE-2007-4349\", \"CVE-2008-5077\", \"CVE-2009-0021\", \"CVE-2009-0025\", \"CVE-2008-5262\", \"CVE-2008-2237\", \"CVE-2008-2238\", \"CVE-2008-4314\", \"CVE-2008-5517\", \"CVE-2008-5516\", \"CVE-2008-3825\", \"CVE-2008-3997\", \"CVE-2008-4444\", \"CVE-2008-4006\", \"CVE-2008-5449\", \"CVE-2008-3979\", \"CVE-2008-3821\", \"CVE-2008-2382\", \"CVE-2008-5714\", \"CVE-2008-3818\", \"CVE-2009-0053\", \"CVE-2009-0054\", \"CVE-2009-0055\", \"CVE-2009-0056\", \"CVE-2008-5500\", \"CVE-2008-5503\", \"CVE-2008-5506\", \"CVE-2008-5507\", \"CVE-2008-5508\", \"CVE-2008-5511\", \"CVE-2008-5512\", \"CVE-2008-5256\", \"CVE-2008-5448\", \"CVE-2008-5718\", \"CVE-2007-4476\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-707-1 (cupsys)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-707-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libcupsys2-gnutls10\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.2.2-0ubuntu0.6.06.12\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.2-1ubuntu7.9\", 
rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.2-1ubuntu7.9\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.7-1ubuntu3.3\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-common\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-bsd\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-client\", ver:\"1.3.9-2ubuntu6.1\", 
rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-dbg\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cupsys-common\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsys2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-bsd\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-client\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups-dbg\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"cups\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcups2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2-dev\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcupsimage2\", ver:\"1.3.9-2ubuntu6.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-lasso\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso-java\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso3-dev\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"php4-lasso\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblasso3\", ver:\"0.6.5-3+etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7-dbg\", ver:\"0.9.7k-3.1etch2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.7\", ver:\"0.9.7k-3.1etch2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8c-4etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-doc\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-simple\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp-refclock\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntpdate\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ntp\", ver:\"4.2.2.p4+dfsg-2etch1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-0\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg1\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) 
!= NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc0\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc11\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres9\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns22\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.3.4-2etch4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-data\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-doc\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-gui\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hpijs-ppds\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hpijs\", ver:\"2.7.7+2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip-dbg\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"hplip\", ver:\"2.7.7.dfsg.1-0ubuntu5.3\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libxul-common\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs1\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozillainterfaces-java\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsmjs-dev\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"spidermonkey-bin\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xulrunner-gnome-support\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-xpcom\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"libxul0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnss3-0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libmozjs0d-dbg\", ver:\"1.8.0.15~pre080614i-0etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"netatalk\", ver:\"2.0.3-4+etch1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.15.1-2ubuntu2.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"tar\", ver:\"1.18-2ubuntu1.1\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}