{"edition": 1, "affectedPackage": [{"packageFilename": "libsoup2.4_2.4.1-2+lenny1_all.deb", "packageVersion": "2.4.1-2+lenny1", "arch": "all", "OSVersion": "5", "packageName": "libsoup2.4", "OS": "Debian GNU/Linux", "operator": "lt"}, {"packageFilename": "libsoup2.4_2.30.2-1+squeeze1_all.deb", "packageVersion": "2.30.2-1+squeeze1", "arch": "all", "OSVersion": "6", "packageName": "libsoup2.4", "OS": "Debian GNU/Linux", "operator": "lt"}], "type": "debian", "bulletinFamily": "unix", "reporter": "Debian", "title": "libsoup2.4 -- insufficient input sanitization", "references": [], "history": [], "description": "It was discovered that libsoup, a HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.\n\nFor the oldstable distribution (lenny), this problem has been fixed in version 2.4.1-2+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 2.30.2-1+squeeze1.\n\nFor the testing distribution (wheezy), this problem has been fixed in version 2.34.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in version 2.34.3-1.\n\nWe recommend that you upgrade your libsoup2.4 packages.", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "viewCount": 1, "published": "2011-12-21T00:00:00", "lastseen": "2016-09-02T18:24:17", "id": "DSA-2369", "hash": "d5e7e93a0b259ee2abec863ef61ac3ed25accafd86aa57f9f12696ff8f47245a", "cvelist": ["CVE-2011-2524"], "objectVersion": "1.2", "modified": "2011-12-21T00:00:00", "href": "http://www.debian.org/security/dsa-2369", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}

{"cve": [{"lastseen": "2016-09-03T15:28:15", "references": ["http://git.gnome.org/browse/libsoup/tree/NEWS", "http://www.securitytracker.com/id?1025864", "https://bugzilla.gnome.org/show_bug.cgi?id=653258", "http://www.redhat.com/support/errata/RHSA-2011-1102.html", "http://www.ubuntu.com/usn/USN-1181-1", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html", "http://www.debian.org/security/2011/dsa-2369"], "edition": 1, "description": "Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.", "reporter": "NVD", "published": "2011-08-31T19:55:02", "title": "CVE-2011-2524", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T15:28:15", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2011-2524"], "scanner": [], "cpe": ["cpe:/a:gnome:libsoup:2.2.97", "cpe:/a:gnome:libsoup:2.2.99", "cpe:/a:gnome:libsoup:2.29.91", "cpe:/a:gnome:libsoup:2.34.1", "cpe:/a:gnome:libsoup:2.23.92", "cpe:/a:gnome:libsoup:2.27.91", "cpe:/a:gnome:libsoup:2.2.6.1", "cpe:/a:gnome:libsoup:2.31.90", "cpe:/a:gnome:libsoup:2.25.5", "cpe:/a:gnome:libsoup:2.4.0", "cpe:/a:gnome:libsoup:2.2.95.1", "cpe:/a:gnome:libsoup:2.24.1", "cpe:/a:gnome:libsoup:2.27.90", "cpe:/a:gnome:libsoup:2.23.1", "cpe:/a:gnome:libsoup:2.2.5", "cpe:/a:gnome:libsoup:2.23.91", "cpe:/a:gnome:libsoup:2.0", "cpe:/a:gnome:libsoup:2.31.92", "cpe:/a:gnome:libsoup:2.26.1", "cpe:/a:gnome:libsoup:2.2", "cpe:/a:gnome:libsoup:2.2.100", "cpe:/a:gnome:libsoup:2.2.6", "cpe:/a:gnome:libsoup:2.32.0", "cpe:/a:gnome:libsoup:2.31.2", "cpe:/a:gnome:libsoup:2.30.1", "cpe:/a:gnome:libsoup:2.2.93", "cpe:/a:gnome:libsoup:2.2.3", "cpe:/a:gnome:libsoup:2.33.92", "cpe:/a:gnome:libsoup:2.29.90", "cpe:/a:gnome:libsoup:2.27.1", "cpe:/a:gnome:libsoup:2.26.0", "cpe:/a:gnome:libsoup:2.34.0", "cpe:/a:gnome:libsoup:2.33.4", "cpe:/a:gnome:libsoup:2.33.90", "cpe:/a:gnome:libsoup:2.25.3", "cpe:/a:gnome:libsoup:2.2.101", "cpe:/a:gnome:libsoup:2.32.2", "cpe:/a:gnome:libsoup:2.27.92", "cpe:/a:gnome:libsoup:2.27.5", "cpe:/a:gnome:libsoup:2.28.1", "cpe:/a:gnome:libsoup:2.2.94", "cpe:/a:gnome:libsoup:2.29.3", "cpe:/a:gnome:libsoup:2.2.104", "cpe:/a:gnome:libsoup:2.25.91", "cpe:/a:gnome:libsoup:2.32.1", "cpe:/a:gnome:libsoup:2.35.3", "cpe:/a:gnome:libsoup:2.29.5", "cpe:/a:gnome:libsoup:2.2.4", "cpe:/a:gnome:libsoup:2.2.103", "cpe:/a:gnome:libsoup:2.2.1", "cpe:/a:gnome:libsoup:2.25.4", "cpe:/a:gnome:libsoup:2.2.102", "cpe:/a:gnome:libsoup:2.3.2", "cpe:/a:gnome:libsoup:2.2.7", "cpe:/a:gnome:libsoup:2.24.0.1", "cpe:/a:gnome:libsoup:2.33.5", "cpe:/a:gnome:libsoup:2.33.6", "cpe:/a:gnome:libsoup:2.31.6", "cpe:/a:gnome:libsoup:2.2.92", "cpe:/a:gnome:libsoup:2.27.4", "cpe:/a:gnome:libsoup:2.30.0", "cpe:/a:gnome:libsoup:2.4.1", "cpe:/a:gnome:libsoup:2.27.2", "cpe:/a:gnome:libsoup:2.2.98", "cpe:/a:gnome:libsoup:2.2.91", "cpe:/a:gnome:libsoup:2.28.0", "cpe:/a:gnome:libsoup:2.2.96", "cpe:/a:gnome:libsoup:2.23.6", "cpe:/a:gnome:libsoup:2.25.2", "cpe:/a:gnome:libsoup:2.3.4", "cpe:/a:gnome:libsoup:2.3.0.1", "cpe:/a:gnome:libsoup:2.2.2", "cpe:/a:gnome:libsoup:2.2.0", "cpe:/a:gnome:libsoup:2.29.6"], "modified": "2012-02-01T23:06:16", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2524", "id": "CVE-2011-2524", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "openvas": [{"lastseen": "2018-09-02T00:01:18", "references": ["http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:036", "2012:036"], "pluginID": "1361412562310831650", "description": "Check for the Version of libsoup", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-03T00:00:00", "title": "Mandriva Update for libsoup MDVSA-2012:036 (libsoup)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310831650", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libsoup MDVSA-2012:036 (libsoup)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in libsoup:\n\n Directory traversal vulnerability in soup-uri.c in SoupServer in\n libsoup before 2.35.4 allows remote attackers to read arbitrary files\n via a %2e%2e (encoded dot dot) in a URI (CVE-2011-2524).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"libsoup on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:036\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831650\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:58:37 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-2524\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2012:036\");\n script_name(\"Mandriva Update for libsoup MDVSA-2012:036 (libsoup)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4_1~2.34.2~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4~devel~2.34.2~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4_1~2.34.2~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4~devel~2.34.2~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4_1~2.24.0.1~1.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4~devel~2.24.0.1~1.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4_1~2.24.0.1~1.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4~devel~2.24.0.1~1.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4_1~2.30.2~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4~devel~2.30.2~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4_1~2.30.2~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4~devel~2.30.2~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:00:22", "references": [], "pluginID": "136141256231070688", "description": "The remote host is missing an update to libsoup2.4\nannounced via advisory DSA 2369-1.", "edition": 3, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-02-11T00:00:00", "title": "Debian Security Advisory DSA 2369-1 (libsoup2.4)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:136141256231070688", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070688", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2369_1.nasl 9352 2018-04-06 07:13:02Z cfischer $\n# Description: Auto-generated from advisory DSA 2369-1 (libsoup2.4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that libsoup2.4, a HTTP library implementation in C, is\nnot properly validating input when processing requests made to SoupServer.\nA remote attacker can exploit this flaw to access system files via a\ndirectory traversal attack.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.4.1-2+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.2-1+squeeze1.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 2.34.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.34.3-1.\n\n\nWe recommend that you upgrade your libsoup2.4 packages.\";\ntag_summary = \"The remote host is missing an update to libsoup2.4\nannounced via advisory DSA 2369-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202369-1\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70688\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-2524\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:14:57 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2369-1 (libsoup2.4)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dev\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-doc\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup-gnome2.4-1\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup-gnome2.4-dev\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dbg\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dev\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-doc\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:51:02", "references": [], "pluginID": "70688", "description": "The remote host is missing an update to libsoup2.4\nannounced via advisory DSA 2369-1.", "edition": 2, "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "published": "2012-02-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 2369-1 (libsoup2.4)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=70688", "id": "OPENVAS:70688", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2369_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2369-1 (libsoup2.4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that libsoup2.4, a HTTP library implementation in C, is\nnot properly validating input when processing requests made to SoupServer.\nA remote attacker can exploit this flaw to access system files via a\ndirectory traversal attack.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.4.1-2+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.2-1+squeeze1.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 2.34.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.34.3-1.\n\n\nWe recommend that you upgrade your libsoup2.4 packages.\";\ntag_summary = \"The remote host is missing an update to libsoup2.4\nannounced via advisory DSA 2369-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202369-1\";\n\nif(description)\n{\n script_id(70688);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-2524\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:14:57 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2369-1 (libsoup2.4)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dev\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-doc\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup-gnome2.4-1\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup-gnome2.4-dev\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dbg\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dev\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-doc\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:47", "references": ["2011-9763", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html"], "pluginID": "863395", "description": "Check for the Version of libsoup", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for libsoup FEDORA-2011-9763", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863395", "id": "OPENVAS:863395", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsoup FEDORA-2011-9763\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Libsoup is an HTTP library implementation in C. It was originally part\n of a SOAP (Simple Object Access Protocol) implementation called Soup, but\n the SOAP and non-SOAP parts have now been split into separate packages.\n\n libsoup uses the Glib main loop and is designed to work well with GTK\n applications. This enables GNOME applications to access HTTP servers\n on the network in a completely asynchronous fashion, very similar to\n the Gtk+ programming model (a synchronous operation mode is also\n supported for those who want it).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libsoup on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html\");\n script_id(863395);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-9763\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Fedora Update for libsoup FEDORA-2011-9763\");\n\n script_summary(\"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.34.3~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:20", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html", "2011-9820"], "pluginID": "863546", "description": "Check for the Version of libsoup", "edition": 2, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-09-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for libsoup FEDORA-2011-9820", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863546", "id": "OPENVAS:863546", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsoup FEDORA-2011-9820\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Libsoup is an HTTP library implementation in C. It was originally part\n of a SOAP (Simple Object Access Protocol) implementation called Soup, but\n the SOAP and non-SOAP parts have now been split into separate packages.\n\n libsoup uses the Glib main loop and is designed to work well with GTK\n applications. This enables GNOME applications to access HTTP servers\n on the network in a completely asynchronous fashion, very similar to\n the Gtk+ programming model (a synchronous operation mode is also\n supported for those who want it).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libsoup on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html\");\n script_id(863546);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-27 17:29:53 +0200 (Tue, 27 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-9820\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Fedora Update for libsoup FEDORA-2011-9820\");\n\n script_summary(\"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.32.2~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:17", "references": ["2011:1102-01", "https://www.redhat.com/archives/rhsa-announce/2011-July/msg00033.html"], "pluginID": "870704", "description": "Check for the Version of libsoup", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-07-09T00:00:00", "title": "RedHat Update for libsoup RHSA-2011:1102-01", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2017-12-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870704", "id": "OPENVAS:870704", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libsoup RHSA-2011:1102-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libsoup is an HTTP client/library implementation for GNOME.\n\n A directory traversal flaw was found in libsoup's SoupServer. If an\n application used SoupServer to implement an HTTP service, a remote attacker\n who is able to connect to that service could use this flaw to access any\n local files accessible to that application via a specially-crafted request.\n (CVE-2011-2524)\n\n All users of libsoup should upgrade to these updated packages, which\n contain a backported patch to resolve this issue. All running applications\n using libsoup's SoupServer must be restarted for the update to take effect.\";\n\ntag_affected = \"libsoup on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00033.html\");\n script_id(870704);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:50:37 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-2524\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:1102-01\");\n script_name(\"RedHat Update for libsoup RHSA-2011:1102-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.28.2~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup-debuginfo\", rpm:\"libsoup-debuginfo~2.28.2~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup-devel\", rpm:\"libsoup-devel~2.28.2~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:03:56", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html", "2011-9820"], "pluginID": "1361412562310863546", "description": "Check for the Version of libsoup", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-09-27T00:00:00", "title": "Fedora Update for libsoup FEDORA-2011-9820", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310863546", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863546", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsoup FEDORA-2011-9820\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Libsoup is an HTTP library implementation in C. It was originally part\n of a SOAP (Simple Object Access Protocol) implementation called Soup, but\n the SOAP and non-SOAP parts have now been split into separate packages.\n\n libsoup uses the Glib main loop and is designed to work well with GTK\n applications. This enables GNOME applications to access HTTP servers\n on the network in a completely asynchronous fashion, very similar to\n the Gtk+ programming model (a synchronous operation mode is also\n supported for those who want it).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libsoup on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863546\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-27 17:29:53 +0200 (Tue, 27 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-9820\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Fedora Update for libsoup FEDORA-2011-9820\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.32.2~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:58:16", "references": ["http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:036", "2012:036"], "pluginID": "831650", "description": "Check for the Version of libsoup", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-08-03T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Mandriva Update for libsoup MDVSA-2012:036 (libsoup)", "type": "openvas", "naslFamily": "Mandrake Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2017-12-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=831650", "id": "OPENVAS:831650", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libsoup MDVSA-2012:036 (libsoup)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in libsoup:\n\n Directory traversal vulnerability in soup-uri.c in SoupServer in\n libsoup before 2.35.4 allows remote attackers to read arbitrary files\n via a %2e%2e (encoded dot dot) in a URI (CVE-2011-2524).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"libsoup on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:036\");\n script_id(831650);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:58:37 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2011-2524\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2012:036\");\n script_name(\"Mandriva Update for libsoup MDVSA-2012:036 (libsoup)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4_1~2.34.2~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4~devel~2.34.2~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4_1~2.34.2~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4~devel~2.34.2~1.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4_1~2.24.0.1~1.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4~devel~2.24.0.1~1.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4_1~2.24.0.1~1.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4~devel~2.24.0.1~1.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4_1~2.30.2~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.4~devel~2.30.2~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4_1~2.30.2~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64soup\", rpm:\"lib64soup~2.4~devel~2.30.2~1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:02:36", "references": ["2011-9763", "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html"], "pluginID": "1361412562310863395", "description": "Check for the Version of libsoup", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-12T00:00:00", "title": "Fedora Update for libsoup FEDORA-2011-9763", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310863395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863395", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsoup FEDORA-2011-9763\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Libsoup is an HTTP library implementation in C. It was originally part\n of a SOAP (Simple Object Access Protocol) implementation called Soup, but\n the SOAP and non-SOAP parts have now been split into separate packages.\n\n libsoup uses the Glib main loop and is designed to work well with GTK\n applications. This enables GNOME applications to access HTTP servers\n on the network in a completely asynchronous fashion, very similar to\n the Gtk+ programming model (a synchronous operation mode is also\n supported for those who want it).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libsoup on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863395\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-9763\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Fedora Update for libsoup FEDORA-2011-9763\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.34.3~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-04T11:27:16", "references": ["http://www.ubuntu.com/usn/usn-1181-1/", "1181-1"], "pluginID": "840715", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1181-1", "edition": 4, "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "published": "2011-08-02T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Ubuntu Update for libsoup2.4 USN-1181-1", "type": "openvas", "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840715", "id": "OPENVAS:840715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1181_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for libsoup2.4 USN-1181-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that libsoup did not properly validate its input when\n processing SoupServer requests. A remote attacker could exploit this to\n access files via directory traversal.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1181-1\";\ntag_affected = \"libsoup2.4 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1181-1/\");\n script_id(840715);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1181-1\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Ubuntu Update for libsoup2.4 USN-1181-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.31.92-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.30.2-0ubuntu0.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.34.0-0ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:44:11", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=706630", "http://lists.opensuse.org/opensuse-updates/2011-08/msg00011.html"], "pluginID": "75921", "description": "This update of libsoup fixes a directory traversal attack that affect application using the library. CVE-2011-2524: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libsoup-2_4-1 (openSUSE-SU-2011:0875-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsoup-2_4-1", "p-cpe:/a:novell:opensuse:libsoup-2_4-1-debuginfo-32bit", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:libsoup-2_4-1-debuginfo", "p-cpe:/a:novell:opensuse:libsoup-2_4-1-32bit"], "id": "SUSE_11_4_LIBSOUP-2_4-1-110729.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75921", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libsoup-2_4-1-4941.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75921);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 22:10:33 $\");\n\n script_cve_id(\"CVE-2011-2524\");\n\n script_name(english:\"openSUSE Security Update : libsoup-2_4-1 (openSUSE-SU-2011:0875-1)\");\n script_summary(english:\"Check for the libsoup-2_4-1-4941 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libsoup fixes a directory traversal attack that affect\napplication using the library. CVE-2011-2524: CVSS v2 Base Score: 5.0\n(AV:N/AC:L/Au:N/C:P/I:N/A:N)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-08/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706630\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup-2_4-1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoup-2_4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoup-2_4-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoup-2_4-1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoup-2_4-1-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsoup-2_4-1-2.32.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"libsoup-2_4-1-debuginfo-2.32.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsoup-2_4-1-32bit-2.32.2-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", cpu:\"x86_64\", reference:\"libsoup-2_4-1-debuginfo-32bit-2.32.2-3.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:51:03", "references": ["https://packages.debian.org/source/squeeze/libsoup2.4", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635837", "http://www.debian.org/security/2011/dsa-2369"], "pluginID": "57509", "description": "It was discovered that libsoup, a HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.", "edition": 5, "reporter": "Tenable", "published": "2012-01-12T00:00:00", "title": "Debian DSA-2369-1 : libsoup2.4 - insufficient input sanitization", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libsoup2.4", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2369.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=57509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2369. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57509);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/09 14:30:25\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"DSA\", value:\"2369\");\n\n script_name(english:\"Debian DSA-2369-1 : libsoup2.4 - insufficient input sanitization\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libsoup, a HTTP library implementation in C, is\nnot properly validating input when processing requests made to\nSoupServer. A remote attacker can exploit this flaw to access system\nfiles via a directory traversal attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libsoup2.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2011/dsa-2369\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libsoup2.4 packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.4.1-2+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.2-1+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsoup2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libsoup2.4\", reference:\"2.4.1-2+lenny1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup-gnome2.4-1\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup-gnome2.4-dev\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup2.4-1\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup2.4-dbg\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup2.4-dev\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup2.4-doc\", reference:\"2.30.2-1+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:55:25", "references": ["http://www.nessus.org/u?d6f9892c"], "pluginID": "61102", "description": "libsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially crafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect.", "edition": 4, "reporter": "Tenable", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libsoup on SL6.x i386/x86_64", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Scientific Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2014-08-16T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110728_LIBSOUP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61102", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61102);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/08/16 19:47:27 $\");\n\n script_cve_id(\"CVE-2011-2524\");\n\n script_name(english:\"Scientific Linux Security Update : libsoup on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote\nattacker who is able to connect to that service could use this flaw to\naccess any local files accessible to that application via a specially\ncrafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running\napplications using libsoup's SoupServer must be restarted for the\nupdate to take effect.\"\n );\n # http://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=2566\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6f9892c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libsoup, libsoup-debuginfo and / or libsoup-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libsoup-2.28.2-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsoup-debuginfo-2.28.2-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsoup-devel-2.28.2-1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:35:50", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=726469", "http://www.nessus.org/u?302b6e9d"], "pluginID": "55771", "description": "Update to 2.34.3, including fix for CVE-2011-2524\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2011-08-08T00:00:00", "title": "Fedora 15 : libsoup-2.34.3-1.fc15 (2011-9763)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2015-10-20T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libsoup", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-9763.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55771", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9763.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55771);\n script_version(\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2015/10/20 22:15:25 $\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"FEDORA\", value:\"2011-9763\");\n\n script_name(english:\"Fedora 15 : libsoup-2.34.3-1.fc15 (2011-9763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.34.3, including fix for CVE-2011-2524\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=726469\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?302b6e9d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libsoup-2.34.3-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:42:36", "references": ["http://rhn.redhat.com/errata/RHSA-2011-1102.html", "https://www.redhat.com/security/data/cve/CVE-2011-2524.html"], "pluginID": "55724", "description": "Updated libsoup packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nlibsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially crafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect.", "edition": 6, "reporter": "Tenable", "published": "2011-07-29T00:00:00", "title": "RHEL 6 : libsoup (RHSA-2011:1102)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.1", "p-cpe:/a:redhat:enterprise_linux:libsoup-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libsoup", "p-cpe:/a:redhat:enterprise_linux:libsoup-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-1102.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55724", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1102. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55724);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/07/25 18:58:05\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"RHSA\", value:\"2011:1102\");\n\n script_name(english:\"RHEL 6 : libsoup (RHSA-2011:1102)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libsoup packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nlibsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote\nattacker who is able to connect to that service could use this flaw to\naccess any local files accessible to that application via a specially\ncrafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running\napplications using libsoup's SoupServer must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2011-2524.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2011-1102.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libsoup, libsoup-debuginfo and / or libsoup-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsoup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsoup-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1102\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libsoup-2.28.2-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libsoup-debuginfo-2.28.2-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libsoup-devel-2.28.2-1.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup / libsoup-debuginfo / libsoup-devel\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:04:52", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=726469", "http://www.nessus.org/u?f5538c90"], "pluginID": "56297", "description": "Fix CVE-2011-2524\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2011-09-26T00:00:00", "title": "Fedora 14 : libsoup-2.32.2-2.fc14 (2011-9820)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libsoup", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-9820.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=56297", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9820.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56297);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"FEDORA\", value:\"2011-9820\");\n\n script_name(english:\"Fedora 14 : libsoup-2.32.2-2.fc14 (2011-9820)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2011-2524\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=726469\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5538c90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"libsoup-2.32.2-2.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:36:15", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=706630", "http://support.novell.com/security/cve/CVE-2011-2524.html"], "pluginID": "55774", "description": "This update of libsoup fixes a directory traversal attack that affect application using the library. CVE-2011-2524: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)", "edition": 4, "reporter": "Tenable", "published": "2011-08-08T00:00:00", "title": "SuSE 11.1 Security Update : libsoup (SAT Patch Number 4945)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2013-10-25T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libsoup-2_4-1", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libsoup-2_4-1-32bit"], "id": "SUSE_11_LIBSOUP-110731.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55774", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55774);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:52:01 $\");\n\n script_cve_id(\"CVE-2011-2524\");\n\n script_name(english:\"SuSE 11.1 Security Update : libsoup (SAT Patch Number 4945)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libsoup fixes a directory traversal attack that affect\napplication using the library. CVE-2011-2524: CVSS v2 Base Score: 5.0\n(AV:N/AC:L/Au:N/C:P/I:N/A:N)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2524.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4945.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoup-2_4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoup-2_4-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libsoup-2_4-1-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libsoup-2_4-1-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libsoup-2_4-1-32bit-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libsoup-2_4-1-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libsoup-2_4-1-32bit-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libsoup-2_4-1-32bit-2.28.2-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-02T00:01:49", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=706630", "http://lists.opensuse.org/opensuse-updates/2011-08/msg00011.html"], "pluginID": "75614", "description": "This update of libsoup fixes a directory traversal attack that affect application using the library. CVE-2011-2524: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)", "edition": 4, "reporter": "Tenable", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libsoup-2_4-1 (openSUSE-SU-2011:0875-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsoup-2_4-1", "p-cpe:/a:novell:opensuse:libsoup-2_4-1-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBSOUP-2_4-1-110729.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=75614", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libsoup-2_4-1-4941.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75614);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2014/06/13 21:55:23 $\");\n\n script_cve_id(\"CVE-2011-2524\");\n\n script_name(english:\"openSUSE Security Update : libsoup-2_4-1 (openSUSE-SU-2011:0875-1)\");\n script_summary(english:\"Check for the libsoup-2_4-1-4941 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libsoup fixes a directory traversal attack that affect\napplication using the library. CVE-2011-2524: CVSS v2 Base Score: 5.0\n(AV:N/AC:L/Au:N/C:P/I:N/A:N)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2011-08/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706630\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup-2_4-1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoup-2_4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoup-2_4-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libsoup-2_4-1-2.30.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libsoup-2_4-1-32bit-2.30.1-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:32:45", "references": [], "pluginID": "58475", "description": "A vulnerability has been found and corrected in libsoup :\n\nDirectory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a \\%2e\\%2e (encoded dot dot) in a URI (CVE-2011-2524).\n\nThe updated packages have been patched to correct this issue.", "edition": 5, "reporter": "Tenable", "published": "2012-03-26T00:00:00", "title": "Mandriva Linux Security Advisory : libsoup (MDVSA-2012:036)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:lib64soup-2.4-devel", "p-cpe:/a:mandriva:linux:lib64soup-2.4_1", "p-cpe:/a:mandriva:linux:libsoup-2.4_1", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:libsoup-2.4-devel"], "id": "MANDRIVA_MDVSA-2012-036.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=58475", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:036. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(58475);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/19 20:59:17\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"MDVSA\", value:\"2012:036\");\n\n script_name(english:\"Mandriva Linux Security Advisory : libsoup (MDVSA-2012:036)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been found and corrected in libsoup :\n\nDirectory traversal vulnerability in soup-uri.c in SoupServer in\nlibsoup before 2.35.4 allows remote attackers to read arbitrary files\nvia a \\%2e\\%2e (encoded dot dot) in a URI (CVE-2011-2524).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64soup-2.4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64soup-2.4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsoup-2.4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libsoup-2.4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64soup-2.4-devel-2.30.2-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"x86_64\", reference:\"lib64soup-2.4_1-2.30.2-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsoup-2.4-devel-2.30.2-1.1mdv2010.2\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", cpu:\"i386\", reference:\"libsoup-2.4_1-2.30.2-1.1mdv2010.2\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64soup-2.4-devel-2.34.2-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"x86_64\", reference:\"lib64soup-2.4_1-2.34.2-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsoup-2.4-devel-2.34.2-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2011\", cpu:\"i386\", reference:\"libsoup-2.4_1-2.34.2-1.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:34:42", "references": ["https://oss.oracle.com/pipermail/el-errata/2011-July/002248.html"], "pluginID": "68315", "description": "From Red Hat Security Advisory 2011:1102 :\n\nUpdated libsoup packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nlibsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially crafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect.", "edition": 5, "reporter": "Tenable", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : libsoup (ELSA-2011-1102)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:libsoup", "p-cpe:/a:oracle:linux:libsoup-devel"], "id": "ORACLELINUX_ELSA-2011-1102.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68315", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1102 and \n# Oracle Linux Security Advisory ELSA-2011-1102 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68315);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"RHSA\", value:\"2011:1102\");\n\n script_name(english:\"Oracle Linux 6 : libsoup (ELSA-2011-1102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1102 :\n\nUpdated libsoup packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nlibsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote\nattacker who is able to connect to that service could use this flaw to\naccess any local files accessible to that application via a specially\ncrafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running\napplications using libsoup's SoupServer must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002248.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsoup-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libsoup-2.28.2-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libsoup-devel-2.28.2-1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup / libsoup-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "references": [], "description": "==========================================================================\r\nUbuntu Security Notice USN-1181-1\r\nJuly 28, 2011\r\n\r\nlibsoup2.4 vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nAn attacker could send crafted URLs to a SoupServer application and obtain\r\nunintended access to files.\r\n\r\nSoftware Description:\r\n- libsoup2.4: HTTP client/server library for GNOME\r\n\r\nDetails:\r\n\r\nIt was discovered that libsoup did not properly validate its input when\r\nprocessing SoupServer requests. A remote attacker could exploit this to\r\naccess files via directory traversal.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n libsoup2.4-1 2.34.0-0ubuntu1.1\r\n\r\nUbuntu 10.10:\r\n libsoup2.4-1 2.31.92-0ubuntu1.1\r\n\r\nUbuntu 10.04 LTS:\r\n libsoup2.4-1 2.30.2-0ubuntu0.2\r\n\r\nAfter a standard system update you need to restart any applications that\r\nuse libsoup to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1181-1\r\n CVE-2011-2524\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libsoup2.4/2.34.0-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/libsoup2.4/2.31.92-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/libsoup2.4/2.30.2-0ubuntu0.2\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2011-08-01T00:00:00", "title": "[USN-1181-1] libsoup2.4 vulnerability", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:41", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2011-2524"], "modified": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26768", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26768", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:43", "references": ["https://vulners.com/securityvulns/securityvulns:doc:26768"], "description": "Directory traversal in Web request handling.", "edition": 1, "reporter": "BUGTRAQ", "published": "2011-08-01T00:00:00", "title": "libsoup library directory traversal", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:43", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "libsoup", "version": "2.4", "operator": "eq"}], "cvelist": ["CVE-2011-2524"], "modified": "2011-08-01T00:00:00", "id": "SECURITYVULNS:VULN:11826", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11826", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2018-06-06T18:05:55", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "i686", "packageName": "libsoup-debuginfo", "packageFilename": "libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "src", "packageName": "libsoup", "packageFilename": "libsoup-2.28.2-1.el6_1.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "x86_64", "packageName": "libsoup-debuginfo", "packageFilename": "libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "i686", "packageName": "libsoup-devel", "packageFilename": "libsoup-devel-2.28.2-1.el6_1.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "x86_64", "packageName": "libsoup-devel", "packageFilename": "libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "i686", "packageName": "libsoup", "packageFilename": "libsoup-2.28.2-1.el6_1.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "x86_64", "packageName": "libsoup", "packageFilename": "libsoup-2.28.2-1.el6_1.1.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "ppc", "packageName": "libsoup-debuginfo", "packageFilename": "libsoup-debuginfo-2.28.2-1.el6_1.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "ppc64", "packageName": "libsoup-debuginfo", "packageFilename": "libsoup-debuginfo-2.28.2-1.el6_1.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "ppc", "packageName": "libsoup", "packageFilename": "libsoup-2.28.2-1.el6_1.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "ppc", "packageName": "libsoup-devel", "packageFilename": "libsoup-devel-2.28.2-1.el6_1.1.ppc.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "ppc64", "packageName": "libsoup", "packageFilename": "libsoup-2.28.2-1.el6_1.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "ppc64", "packageName": "libsoup-devel", "packageFilename": "libsoup-devel-2.28.2-1.el6_1.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "s390", "packageName": "libsoup-debuginfo", "packageFilename": "libsoup-debuginfo-2.28.2-1.el6_1.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "s390x", "packageName": "libsoup-debuginfo", "packageFilename": "libsoup-debuginfo-2.28.2-1.el6_1.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "s390", "packageName": "libsoup", "packageFilename": "libsoup-2.28.2-1.el6_1.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "s390", "packageName": "libsoup-devel", "packageFilename": "libsoup-devel-2.28.2-1.el6_1.1.s390.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "s390x", "packageName": "libsoup", "packageFilename": "libsoup-2.28.2-1.el6_1.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "s390x", "packageName": "libsoup-devel", "packageFilename": "libsoup-devel-2.28.2-1.el6_1.1.s390x.rpm", "operator": "lt"}], "description": "libsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote attacker\nwho is able to connect to that service could use this flaw to access any\nlocal files accessible to that application via a specially-crafted request.\n(CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running applications\nusing libsoup's SoupServer must be restarted for the update to take effect.\n", "reporter": "RedHat", "published": "2011-07-28T04:00:00", "type": "redhat", "title": "(RHSA-2011:1102) Moderate: libsoup security update", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-2524"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-06-06T20:24:09", "id": "RHSA-2011:1102", "href": "https://access.redhat.com/errata/RHSA-2011:1102", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:47", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2011-2524"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.04", "packageVersion": "2.34.0-0ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libsoup2.4-1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.04", "packageVersion": "2.30.2-0ubuntu0.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libsoup2.4-1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "10.10", "packageVersion": "2.31.92-0ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libsoup2.4-1", "operator": "lt"}], "description": "It was discovered that libsoup did not properly validate its input when processing SoupServer requests. A remote attacker could exploit this to access files via directory traversal.", "edition": 3, "reporter": "Ubuntu", "published": "2011-07-28T00:00:00", "title": "libsoup vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-2524"], "modified": "2011-07-28T00:00:00", "id": "USN-1181-1", "href": "https://usn.ubuntu.com/1181-1/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:49:22", "references": [], "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "x86_64", "packageFilename": "libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm", "packageName": "libsoup-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "i686", "packageFilename": "libsoup-devel-2.28.2-1.el6_1.1.i686.rpm", "packageName": "libsoup-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "i686", "packageFilename": "libsoup-devel-2.28.2-1.el6_1.1.i686.rpm", "packageName": "libsoup-devel", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "x86_64", "packageFilename": "libsoup-2.28.2-1.el6_1.1.x86_64.rpm", "packageName": "libsoup", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "i686", "packageFilename": "libsoup-2.28.2-1.el6_1.1.i686.rpm", "packageName": "libsoup", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "i686", "packageFilename": "libsoup-2.28.2-1.el6_1.1.i686.rpm", "packageName": "libsoup", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "src", "packageFilename": "libsoup-2.28.2-1.el6_1.1.src.rpm", "packageName": "libsoup", "operator": "lt"}, {"OS": "Oracle Linux", "OSVersion": "6", "packageVersion": "2.28.2-1.el6_1.1", "arch": "src", "packageFilename": "libsoup-2.28.2-1.el6_1.1.src.rpm", "packageName": "libsoup", "operator": "lt"}], "description": "[2.28.2-1.1]\n- Patch for CVE-2011-2524", "edition": 3, "reporter": "Oracle", "published": "2011-07-28T00:00:00", "title": "libsoup security update", "type": "oraclelinux", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2011-2524"], "modified": "2011-07-28T00:00:00", "id": "ELSA-2011-1102", "href": "http://linux.oracle.com/errata/ELSA-2011-1102.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787", "https://bugs.gentoo.org/show_bug.cgi?id=370839", "https://bugs.gentoo.org/show_bug.cgi?id=358789", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815", "https://bugs.gentoo.org/show_bug.cgi?id=350598", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812", "https://bugs.gentoo.org/show_bug.cgi?id=194151", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790", "https://bugs.gentoo.org/show_bug.cgi?id=358785", "https://bugs.gentoo.org/show_bug.cgi?id=355207", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782", "https://bugs.gentoo.org/show_bug.cgi?id=294256", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097", "https://bugs.gentoo.org/show_bug.cgi?id=294253", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760", "https://bugs.gentoo.org/show_bug.cgi?id=386321", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578", "https://bugs.gentoo.org/show_bug.cgi?id=334087", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792", "https://bugs.gentoo.org/show_bug.cgi?id=354209", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042", "https://bugs.gentoo.org/show_bug.cgi?id=356893", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526", "https://bugs.gentoo.org/show_bug.cgi?id=366697", "https://bugs.gentoo.org/show_bug.cgi?id=346897", "https://bugs.gentoo.org/show_bug.cgi?id=369069", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814", "https://bugs.gentoo.org/show_bug.cgi?id=376793", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472", "https://bugs.gentoo.org/show_bug.cgi?id=366699", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023", "https://bugs.gentoo.org/show_bug.cgi?id=344059", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389", "https://bugs.gentoo.org/show_bug.cgi?id=360891", "https://bugs.gentoo.org/show_bug.cgi?id=362185", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951", "https://bugs.gentoo.org/show_bug.cgi?id=386361", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366", "https://bugs.gentoo.org/show_bug.cgi?id=352608", "https://bugs.gentoo.org/show_bug.cgi?id=358611", "https://bugs.gentoo.org/show_bug.cgi?id=372971", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471", "https://bugs.gentoo.org/show_bug.cgi?id=381169", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072", "https://bugs.gentoo.org/show_bug.cgi?id=361397", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.02.72", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-fs/lvm2", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.9", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "x11-apps/xrdb", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.1.19", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-libs/xine-lib", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.20", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-analyzer/sflowtool", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.9.5", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-misc/mrouted", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.34.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-libs/libsoup", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.32.2", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-misc/vino", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.17", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-libs/xmlsec", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.3.0-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-db/unixODBC", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-php/PEAR-Mail", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.0.8", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-misc/rsync", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.8.4-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "gnome-base/gdm", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.9.6-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-util/oprofile", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.5.4.26862-r3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-sound/lastfmplayer", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.9.2-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-php/PEAR-PEAR", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.5.9.1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-vcs/gitolite", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.4.4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-office/gnucash", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.0.4-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-cluster/resource-agents", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "20110502-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-misc/ca-certificates", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.1.4.3", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "sys-apps/shadow", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "4.38.00", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-libs/fmod", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.5.0-r1", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "games-sports/racer-bin", "operator": "ge"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "2.1.0", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "dev-util/qt-creator", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.2.7", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "net-libs/webkit-gtk", "operator": "lt"}, {"OS": "Gentoo", "OSVersion": "any", "packageVersion": "3.2.4", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "app-admin/syslog-ng", "operator": "lt"}], "edition": 1, "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * FMOD Studio\n * PEAR Mail\n * LVM2\n * GnuCash\n * xine-lib\n * Last.fm Scrobbler\n * WebKitGTK+\n * shadow tool suite\n * PEAR\n * unixODBC\n * Resource Agents\n * mrouted\n * rsync\n * XML Security Library\n * xrdb\n * Vino\n * OProfile\n * syslog-ng\n * sFlow Toolkit\n * GNOME Display Manager\n * libsoup\n * CA Certificates\n * Gitolite\n * QtCreator\n * Racer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll FMOD Studio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/fmod-4.38.00\"\n \n\nAll PEAR Mail users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-Mail-1.2.0\"\n \n\nAll LVM2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-fs/lvm2-2.02.72\"\n \n\nAll GnuCash users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/gnucash-2.4.4\"\n \n\nAll xine-lib users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.19\"\n \n\nAll Last.fm Scrobbler users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-sound/lastfmplayer-1.5.4.26862-r3\"\n \n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-1.2.7\"\n \n\nAll shadow tool suite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/shadow-4.1.4.3\"\n \n\nAll PEAR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-PEAR-1.9.2-r1\"\n \n\nAll unixODBC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/unixODBC-2.3.0-r1\"\n \n\nAll Resource Agents users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=sys-cluster/resource-agents-1.0.4-r1\"\n \n\nAll mrouted users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mrouted-3.9.5\"\n \n\nAll rsync users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/rsync-3.0.8\"\n \n\nAll XML Security Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/xmlsec-1.2.17\"\n \n\nAll xrdb users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xrdb-1.0.9\"\n \n\nAll Vino users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/vino-2.32.2\"\n \n\nAll OProfile users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/oprofile-0.9.6-r1\"\n \n\nAll syslog-ng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/syslog-ng-3.2.4\"\n \n\nAll sFlow Toolkit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/sflowtool-3.20\"\n \n\nAll GNOME Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=gnome-base/gdm-3.8.4-r3\"\n \n\nAll libsoup users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/libsoup-2.34.3\"\n \n\nAll CA Certificates users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-misc/ca-certificates-20110502-r1\"\n \n\nAll Gitolite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/gitolite-1.5.9.1\"\n \n\nAll QtCreator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/qt-creator-2.1.0\"\n \n\nGentoo has discontinued support for Racer. We recommend that users unmerge Racer: \n \n \n # emerge --unmerge \"games-sports/racer-bin\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.", "reporter": "Gentoo Foundation", "published": "2014-12-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2011", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1572", "CVE-2010-4197", "CVE-2011-2472", "CVE-2010-4204", "CVE-2010-3257", "CVE-2011-1097", "CVE-2009-4111", "CVE-2010-1783", "CVE-2011-0465", "CVE-2010-3812", "CVE-2007-4370", "CVE-2010-3389", "CVE-2010-1787", "CVE-2010-1807", "CVE-2011-2473", "CVE-2011-3366", "CVE-2010-1780", "CVE-2009-4023", "CVE-2011-1144", "CVE-2010-4578", "CVE-2011-0904", "CVE-2010-4042", "CVE-2010-2526", "CVE-2010-1786", "CVE-2011-0721", "CVE-2010-1785", "CVE-2011-3365", "CVE-2011-0482", "CVE-2011-2471", "CVE-2010-4493", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-2901", "CVE-2010-3374", "CVE-2011-2524", "CVE-2010-1815", "CVE-2011-0007", "CVE-2011-0905", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1792", "CVE-2011-1760", "CVE-2010-3362", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-1791", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-4492", "CVE-2011-1425", "CVE-2011-1072", "CVE-2011-3367", "CVE-2011-0727", "CVE-2011-1951", "CVE-2010-3813", "CVE-2010-3999", "CVE-2010-0778", "CVE-2010-1793"], "modified": "2014-12-11T00:00:00", "id": "GLSA-201412-09", "href": "https://security.gentoo.org/glsa/201412-09", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}