ID CVE-2009-2967 Type cve Reporter cve@mitre.org Modified 2017-08-17T01:30:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. These are different vulnerabilities than CVE-2009-2959.
{"openvas": [{"lastseen": "2019-05-29T18:40:23", "bulletinFamily": "scanner", "description": "This host is installed with Buildbot and is prone to multiple\n Cross Site Scripting vulnerabilities.", "modified": "2019-04-29T00:00:00", "published": "2009-09-11T00:00:00", "id": "OPENVAS:1361412562310800935", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800935", "title": "Buildbot Multiple Cross-Site Scripting Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Buildbot Multiple Cross-Site Scripting Vulnerabilities\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800935\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-09-11 18:01:06 +0200 (Fri, 11 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2009-2967\");\n script_bugtraq_id(36100);\n script_name(\"Buildbot Multiple Cross-Site Scripting Vulnerabilities\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36352\");\n script_xref(name:\"URL\", value:\"http://buildbot.net/trac#SecurityAlert\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/2352\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_buildbot_detect.nasl\");\n script_mandatory_keys(\"Buildbot/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to inject arbitrary web script\n or HTML via unspecified vectors and conduct cross-site scripting attacks.\");\n script_tag(name:\"affected\", value:\"Buildbot version 0.7.6 through 0.7.11p2 on all platforms.\");\n script_tag(name:\"insight\", value:\"Several scripts in the application do not adequately sanitise user supplied\n data before processing and returning it to the user.\");\n script_tag(name:\"summary\", 
value:\"This host is installed with Buildbot and is prone to multiple\n Cross Site Scripting vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Apply the patches or upgrade to version 0.7.11p3.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nbuildbotVer = get_kb_item(\"Buildbot/Ver\");\nif(!buildbotVer)\n exit(0);\n\nif(version_in_range(version:buildbotVer, test_version:\"0.7.6\", test_version2:\"0.7.11.p2\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-02T21:13:57", "bulletinFamily": "scanner", "description": "This host is installed with Buildbot and is prone to multiple\n Cross Site Scripting vulnerabilities.", "modified": "2016-12-28T00:00:00", "published": "2009-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800935", "id": "OPENVAS:800935", "title": "Buildbot Multiple Cross-Site Scripting Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_buildbot_mult_xss_vuln.nasl 4865 2016-12-28 16:16:43Z teissa $\n#\n# Buildbot Multiple Cross-Site Scripting Vulnerabilities\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Apply the patches or upgrade to version 0.7.11p3.\n http://buildbot.net/trac#SecurityAlert\n\n *****\n NOTE: Please ignore this warning if the patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation will allow attacker to inject arbitrary web script\n or HTML via unspecified vectors and conduct cross-site scripting attacks.\n Impact Level: Application\";\ntag_affected = \"Buildbot version 0.7.6 through 0.7.11p2 on all platforms.\";\ntag_insight = \"Several scripts in the application do not adequately sanitise user supplied\n data before processing and returning it to the user.\";\ntag_summary = \"This host is installed with Buildbot and is prone to multiple\n Cross Site Scripting vulnerabilities.\";\n\nif(description)\n{\n script_id(800935);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-11 18:01:06 +0200 (Fri, 11 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2009-2967\");\n script_bugtraq_id(36100);\n script_name(\"Buildbot Multiple Cross-Site Scripting Vulnerabilities\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36352\");\n script_xref(name : \"URL\" , value : \"http://buildbot.net/trac#SecurityAlert\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/2352\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_buildbot_detect.nasl\");\n script_require_keys(\"Buildbot/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nbuildbotVer = get_kb_item(\"Buildbot/Ver\");\n\nif(buildbotVer != NULL)\n{\n if(version_in_range(version:buildbotVer, test_version:\"0.7.6\",\n test_version2:\"0.7.11.p2\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update to buildbot\nannounced via advisory FEDORA-2009-8577.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064726", "id": "OPENVAS:136141256231064726", "title": "Fedora Core 10 FEDORA-2009-8577 (buildbot)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8577.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8577 (buildbot)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream version 0.7.11p3:\nhttp://pypi.python.org/pypi/buildbot/0.7.11p3\n\nfixing XSS issue detailed in upstream security alert:\nhttp://buildbot.net/trac#SecurityAlert\n\nChangeLog:\n\n* Mon Aug 17 2009 Steve 'Ashcrow' Milner - 0.7.11p3-1\n- Update for another XSS vuln from upstream\n* Thu Aug 13 2009 Steve 'Ashcrow' Milner - 0.7.11p2-1\n- Update for XSS vuln from upstream\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update buildbot' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8577\";\ntag_summary = \"The remote host is missing an update to buildbot\nannounced via advisory FEDORA-2009-8577.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64726\");\n script_cve_id(\"CVE-2009-2959\",\"CVE-2009-2967\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 10 FEDORA-2009-8577 (buildbot)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"buildbot\", rpm:\"buildbot~0.7.11p3~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update to buildbot\nannounced via advisory FEDORA-2009-8516.", "modified": "2018-04-06T00:00:00", "published": "2009-09-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064724", "id": "OPENVAS:136141256231064724", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-8516 (buildbot)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8516.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8516 (buildbot)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream version 0.7.11p3:\nhttp://pypi.python.org/pypi/buildbot/0.7.11p3\nfixing XSS issue detailed in upstream security alert:\nhttp://buildbot.net/trac#SecurityAlert\n\nChangeLog:\n\n* Mon Aug 17 2009 Steve 'Ashcrow' Milner - 0.7.11p3-2\n- turning off tests in builds\n* Mon Aug 17 2009 Steve 'Ashcrow' Milner - 0.7.11p3-1\n- Update for another XSS vuln from upstream\n* Thu Aug 13 2009 Steve 'Ashcrow' Milner - 0.7.11p2-1\n- Update for XSS vuln from upstream\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update buildbot' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8516\";\ntag_summary = \"The remote host is missing an update to buildbot\nannounced via advisory FEDORA-2009-8516.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64724\");\n script_cve_id(\"CVE-2009-2959\",\"CVE-2009-2967\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-8516 (buildbot)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"buildbot\", rpm:\"buildbot~0.7.11p3~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update to buildbot\nannounced via advisory FEDORA-2009-8577.", "modified": "2017-07-10T00:00:00", "published": "2009-09-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64726", "id": "OPENVAS:64726", "title": "Fedora Core 10 FEDORA-2009-8577 (buildbot)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8577.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8577 (buildbot)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream version 0.7.11p3:\nhttp://pypi.python.org/pypi/buildbot/0.7.11p3\n\nfixing XSS issue detailed in upstream security alert:\nhttp://buildbot.net/trac#SecurityAlert\n\nChangeLog:\n\n* Mon Aug 17 2009 Steve 'Ashcrow' Milner - 0.7.11p3-1\n- Update for another XSS vuln from upstream\n* Thu Aug 13 2009 Steve 'Ashcrow' Milner - 0.7.11p2-1\n- Update for XSS vuln from upstream\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update buildbot' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8577\";\ntag_summary = \"The remote host is missing an update to buildbot\nannounced via advisory FEDORA-2009-8577.\";\n\n\n\nif(description)\n{\n script_id(64726);\n script_cve_id(\"CVE-2009-2959\",\"CVE-2009-2967\");\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 10 FEDORA-2009-8577 (buildbot)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"buildbot\", rpm:\"buildbot~0.7.11p3~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:45", "bulletinFamily": "scanner", 
"description": "The remote host is missing an update to buildbot\nannounced via advisory FEDORA-2009-8516.", "modified": "2017-07-10T00:00:00", "published": "2009-09-02T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64724", "id": "OPENVAS:64724", "title": "Fedora Core 11 FEDORA-2009-8516 (buildbot)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_8516.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-8516 (buildbot)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nUpdate to new upstream version 0.7.11p3:\nhttp://pypi.python.org/pypi/buildbot/0.7.11p3\nfixing XSS issue detailed in upstream security alert:\nhttp://buildbot.net/trac#SecurityAlert\n\nChangeLog:\n\n* Mon Aug 17 2009 Steve 'Ashcrow' Milner - 0.7.11p3-2\n- turning off tests in builds\n* Mon Aug 17 2009 Steve 'Ashcrow' Milner - 0.7.11p3-1\n- Update for another XSS vuln from upstream\n* Thu Aug 13 2009 Steve 'Ashcrow' Milner - 0.7.11p2-1\n- Update for XSS vuln from upstream\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update buildbot' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8516\";\ntag_summary = \"The remote host is missing an update to buildbot\nannounced via advisory FEDORA-2009-8516.\";\n\n\n\nif(description)\n{\n script_id(64724);\n script_cve_id(\"CVE-2009-2959\",\"CVE-2009-2967\");\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-02 04:58:39 +0200 (Wed, 02 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-8516 (buildbot)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"buildbot\", rpm:\"buildbot~0.7.11p3~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-11-01T02:26:43", "bulletinFamily": "scanner", "description": "Update to new upstream version 0.7.11p3:\nhttp://pypi.python.org/pypi/buildbot/0.7.11p3 fixing XSS issue\ndetailed in upstream security alert:\nhttp://buildbot.net/trac#SecurityAlert\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2009-8577.NASL", "href": "https://www.tenable.com/plugins/nessus/40672", "published": "2009-08-24T00:00:00", "title": "Fedora 10 : buildbot-0.7.11p3-1.fc10 (2009-8577)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8577.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40672);\n script_version (\"1.11\");\n script_cvs_date(\"Date: 2019/08/02 13:32:30\");\n\n script_cve_id(\"CVE-2009-2959\", \"CVE-2009-2967\");\n script_xref(name:\"FEDORA\", value:\"2009-8577\");\n\n script_name(english:\"Fedora 10 : buildbot-0.7.11p3-1.fc10 (2009-8577)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream version 0.7.11p3:\nhttp://pypi.python.org/pypi/buildbot/0.7.11p3 fixing XSS issue\ndetailed in upstream security alert:\nhttp://buildbot.net/trac#SecurityAlert\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://buildbot.net/trac#SecurityAlert\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.buildbot.net#SecurityAlert\"\n );\n # http://pypi.python.org/pypi/buildbot/0.7.11p3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://pypi.org/project/buildbot/0.7.11p3/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028255.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ff2c91fd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected buildbot package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:buildbot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"buildbot-0.7.11p3-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"buildbot\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-11-01T02:26:43", "bulletinFamily": "scanner", "description": "Update to new upstream version 0.7.11p3:\nhttp://pypi.python.org/pypi/buildbot/0.7.11p3 fixing XSS issue\ndetailed in upstream security alert:\nhttp://buildbot.net/trac#SecurityAlert\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2009-8516.NASL", "href": "https://www.tenable.com/plugins/nessus/40671", "published": "2009-08-24T00:00:00", "title": "Fedora 11 : buildbot-0.7.11p3-2.fc11 (2009-8516)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-8516.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40671);\n script_version (\"1.11\");\n script_cvs_date(\"Date: 2019/08/02 13:32:30\");\n\n script_cve_id(\"CVE-2009-2959\", \"CVE-2009-2967\");\n script_xref(name:\"FEDORA\", value:\"2009-8516\");\n\n script_name(english:\"Fedora 11 : buildbot-0.7.11p3-2.fc11 (2009-8516)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to new upstream version 0.7.11p3:\nhttp://pypi.python.org/pypi/buildbot/0.7.11p3 fixing XSS issue\ndetailed in upstream security alert:\nhttp://buildbot.net/trac#SecurityAlert\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://buildbot.net/trac#SecurityAlert\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://trac.buildbot.net#SecurityAlert\"\n );\n # http://pypi.python.org/pypi/buildbot/0.7.11p3\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://pypi.org/project/buildbot/0.7.11p3/\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/028248.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60f0aa4d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected buildbot package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:buildbot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"buildbot-0.7.11p3-2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"buildbot\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}