GNU Guile vulnerabilities CVE-2016-8605 and CVE-2016-8606
2017-02-22T21:04:00
ID F5:K31130692 Type f5 Reporter f5 Modified 2017-09-28T00:49:00
Description
F5 Product Development has evaluated the currently supported releases for potential vulnerability.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:
Product| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature
---|---|---|---|---
BIG-IP LTM| None| 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, 11.2.1| Not vulnerable| None
BIG-IP AAM| None| 12.0.0 - 12.1.2, 11.4.0 - 11.6.1| Not vulnerable| None
BIG-IP AFM| None| 12.0.0 - 12.1.2, 11.4.0 - 11.6.1| Not vulnerable| None
BIG-IP Analytics| None| 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, 11.2.1| Not vulnerable| None
BIG-IP APM| None| 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, 11.2.1| Not vulnerable| None
BIG-IP ASM| None| 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, 11.2.1| Not vulnerable| None
BIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable| None
BIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None
BIG-IP GTM| None| 11.4.0 - 11.6.1, 11.2.1| Not vulnerable| None
BIG-IP Link Controller| None| 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, 11.2.1| Not vulnerable| None
BIG-IP PEM| None| 12.0.0 - 12.1.2, 11.4.0 - 11.6.1| Not vulnerable| None
BIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable| None
BIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None
BIG-IP WebSafe| None| 12.0.0 - 12.1.2, 11.6.0 - 11.6.1| Not vulnerable| None
ARX| None| 6.2.0 - 6.4.0| Not vulnerable| None
Enterprise Manager| None| 3.1.1| Not vulnerable| None
BIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None
BIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None
BIG-IQ ADC| None| 4.5.0| Not vulnerable| None
BIG-IQ Centralized Management| None| 5.0.0 - 5.1.0, 4.6.0| Not vulnerable| None
BIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None
F5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None
LineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None
Traffix SDC| None| 5.0.0 - 5.1.0, 4.0.0 - 4.4.0| Not vulnerable| None
{"id": "F5:K31130692", "bulletinFamily": "software", "title": "GNU Guile vulnerabilities CVE-2016-8605 and CVE-2016-8606", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP AAM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP APM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP ASM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable| None \nBIG-IP PEM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.1.1| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| 
None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2017-02-22T21:04:00", "modified": "2017-09-28T00:49:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K31130692", "reporter": "f5", "references": [], "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "type": "f5", "lastseen": "2019-02-13T22:30:43", "edition": 1, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-8605", "CVE-2016-8606"]}, {"type": "debian", "idList": ["DEBIAN:DLA-666-1:C2DB6"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-666.NASL", "FREEBSD_PKG_B4ECF774EB0111E69AC1A4BADB2F4699.NASL", "PHOTONOS_PHSA-2017-0003_GUILE.NASL", "EULEROS_SA-2019-2424.NASL", "OPENSUSE-2016-1232.NASL", "OPENSUSE-2016-1235.NASL", "FEDORA_2016-0AAB71F552.NASL", "FEDORA_2016-34209C3A8E.NASL", "FEDORA_2016-990E2012EA.NASL", "FEDORA_2016-A47BF58BEB.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220192424", "OPENVAS:1361412562310872252", "OPENVAS:1361412562310809934", "OPENVAS:1361412562310871955", "OPENVAS:1361412562310809916", "OPENVAS:1361412562310872250"]}, {"type": "archlinux", "idList": ["ASA-201610-10"]}, {"type": 
"freebsd", "idList": ["B4ECF774-EB01-11E6-9AC1-A4BADB2F4699"]}, {"type": "fedora", "idList": ["FEDORA:003E460874C7", "FEDORA:CA83E60918E2", "FEDORA:611BD604E440", "FEDORA:EE5A160876D3", "FEDORA:DADF660918D8"]}], "modified": "2019-02-13T22:30:43", "rev": 2}, "score": {"value": 5.0, "vector": "NONE", "modified": "2019-02-13T22:30:43", "rev": 2}, "vulnersScore": 5.0}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-10-03T12:10:51", "description": "The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-12T22:59:00", "title": "CVE-2016-8606", "type": "cve", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8606"], "modified": "2017-01-18T16:27:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "cpe:/o:fedoraproject:fedora:24", "cpe:/a:gnu:guile:2.0.12", "cpe:/o:fedoraproject:fedora:23"], "id": "CVE-2016-8606", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8606", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:guile:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:07:43", "description": "The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. 
During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.", "edition": 5, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-01-12T22:59:00", "title": "CVE-2016-8605", "type": "cve", "cwe": ["CWE-275"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8605"], "modified": "2017-01-18T15:59:00", "cpe": ["cpe:/o:fedoraproject:fedora:25", "cpe:/o:fedoraproject:fedora:24", "cpe:/a:gnu:guile:2.0.12", "cpe:/o:fedoraproject:fedora:23"], "id": "CVE-2016-8605", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8605", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:gnu:guile:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:35:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606", 
"CVE-2016-8605"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-12-07T00:00:00", "id": "OPENVAS:1361412562310871955", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871955", "type": "openvas", "title": "Fedora Update for guile FEDORA-2016-0aab71f552", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for guile FEDORA-2016-0aab71f552\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871955\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:21:41 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-8605\", \"CVE-2016-8606\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for guile FEDORA-2016-0aab71f552\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'guile'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"guile on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-0aab71f552\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"guile\", rpm:\"guile~2.0.13~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310809916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809916", "type": "openvas", "title": "Fedora Update for guile FEDORA-2016-34209c3a8e", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for guile FEDORA-2016-34209c3a8e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809916\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 17:59:34 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-8605\", \"CVE-2016-8606\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for guile FEDORA-2016-34209c3a8e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'guile'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"guile on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-34209c3a8e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"guile\", rpm:\"guile~2.0.13~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-11-14T00:00:00", "id": "OPENVAS:1361412562310809934", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809934", "type": "openvas", "title": "Fedora Update for guile FEDORA-2016-a47bf58beb", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for guile FEDORA-2016-a47bf58beb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809934\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-14 18:00:43 +0530 (Mon, 14 Nov 2016)\");\n script_cve_id(\"CVE-2016-8605\", \"CVE-2016-8606\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for guile FEDORA-2016-a47bf58beb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'guile'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"guile on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-a47bf58beb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"guile\", rpm:\"guile~2.0.13~1.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8605"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-01-13T00:00:00", "id": "OPENVAS:1361412562310872252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872252", "type": "openvas", "title": "Fedora Update for compat-guile18 FEDORA-2016-990e2012ea", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for compat-guile18 FEDORA-2016-990e2012ea\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872252\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-13 05:43:59 +0100 (Fri, 13 Jan 2017)\");\n script_cve_id(\"CVE-2016-8605\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for compat-guile18 FEDORA-2016-990e2012ea\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'compat-guile18'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"compat-guile18 on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-990e2012ea\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBOKZZ6XHOAGOVXYUIAEG5SQ2RVUUGUA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-guile18\", rpm:\"compat-guile18~1.8.8~14.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8605"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-01-13T00:00:00", "id": "OPENVAS:1361412562310872250", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872250", "type": "openvas", "title": "Fedora Update for compat-guile18 FEDORA-2016-6dd3bc37c3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for compat-guile18 FEDORA-2016-6dd3bc37c3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872250\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-13 05:43:36 +0100 (Fri, 13 Jan 2017)\");\n script_cve_id(\"CVE-2016-8605\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for compat-guile18 FEDORA-2016-6dd3bc37c3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'compat-guile18'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"compat-guile18 on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-6dd3bc37c3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLXIH4CUE3MCUMOYGSDMJWVSUWMG5XRR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"compat-guile18\", rpm:\"compat-guile18~1.8.8~14.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:38:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8605"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192424", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192424", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for guile (EulerOS-SA-2019-2424)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2424\");\n script_version(\"2020-01-23T12:54:38+0000\");\n script_cve_id(\"CVE-2016-8605\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:54:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:54:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for guile (EulerOS-SA-2019-2424)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2424\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2424\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'guile' package(s) announced via the EulerOS-SA-2019-2424 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. 
For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.(CVE-2016-8605)\");\n\n script_tag(name:\"affected\", value:\"'guile' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"guile\", rpm:\"guile~2.0.14~1.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8605", "CVE-2016-8606"], "description": "Arch Linux Security Advisory ASA-201610-10\n==========================================\n\nSeverity: High\nDate : 2016-10-16\nCVE-ID : CVE-2016-8605 CVE-2016-8606\nPackage : guile\nType : multiple issues\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package guile before version 2.0.13-1 is vulnerable to\nmultiple issues including arbitrary code execution and\ninformation disclosure.\n\nResolution\n==========\n\nUpgrade to 2.0.13-1.\n\n# pacman -Syu \"guile>=2.0.13-1\"\n\nThe problems have been fixed upstream in version 2.0.13.\n\nWorkaround\n==========\n\n- CVE-2016-8606 (arbitrary code execution)\n\nBind the REPL server to a Unix-domain socket.\n\n guile --listen=/tmp/guile-socket\n\nDescription\n===========\n\n- CVE-2016-8605 (information disclosure)\n\nThe mkdir procedure of GNU Guile, an implementation of 
the\nScheme programming language, temporarily changed the\nprocess' umask to zero. During that time window, in a\nmultithreaded application, other threads could end up\ncreating files with insecure permissions. For example, mkdir\nwithout the optional mode argument would create directories\nas 0777.\n\n- CVE-2016-8606 (arbitrary code execution)\n\nIt was reported that the REPL server is vulnerable to the\nHTTP inter-protocol attack. This constitutes a remote code\nexecution vulnerability for developers running a REPL server\nthat listens on a loopback device or private network.\nApplications that do not run a REPL server, as is usually\nthe case, are unaffected.\n\nImpact\n======\n\nA remote attacker is able to execute arbitrary code via a HTTP\ninter-protocol attack if the REPL server is listening on a\nloopback device or private network.\n\nRunning a multi-threaded guile application can cause\ndirectories or files to be created with world\nreadable/writable/executable permissions during a small window\nwhich leads to information disclosure.\n\nReferences\n==========\n\nhttp://www.openwall.com/lists/oss-security/2016/10/11/1\nhttp://www.openwall.com/lists/oss-security/2016/10/12/2\nhttps://access.redhat.com/security/cve/CVE-2016-8605\nhttps://access.redhat.com/security/cve/CVE-2016-8606\nhttps://lists.gnu.org/archive/html/info-gnu/2016-10/msg00009.html", "modified": "2016-10-16T00:00:00", "published": "2016-10-16T00:00:00", "id": "ASA-201610-10", "href": "https://security.archlinux.org/ASA-201610-10", "type": "archlinux", "title": "[ASA-201610-10] guile: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "description": "\nLudovic Court\u00e8s reports:\n\nThe REPL server is vulnerable to\n\t the HTTP inter-protocol attack\nThe \u2018mkdir\u2019 procedure of GNU Guile, an 
implementation of\n\t the Scheme programming language, temporarily changed the process\u2019 umask\n\t to zero. During that time window, in a multithreaded application, other\n\t threads could end up creating files with insecure permissions.\n\n", "edition": 5, "modified": "2016-10-12T00:00:00", "published": "2016-10-12T00:00:00", "id": "B4ECF774-EB01-11E6-9AC1-A4BADB2F4699", "href": "https://vuxml.freebsd.org/freebsd/b4ecf774-eb01-11e6-9ac1-a4badb2f4699.html", "title": "guile2 -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8605", "CVE-2016-8606"], "description": "GUILE (GNU's Ubiquitous Intelligent Language for Extension) is a library implementation of the Scheme programming language, written in C. GUILE provides a machine-independent execution platform that can be linked in as a library during the building of extensible programs. Install the guile package if you'd like to add extensibility to programs that you are developing. ", "modified": "2016-10-16T18:55:01", "published": "2016-10-16T18:55:01", "id": "FEDORA:003E460874C7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: guile-2.0.13-1.fc25", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8605", "CVE-2016-8606"], "description": "GUILE (GNU's Ubiquitous Intelligent Language for Extension) is a library implementation of the Scheme programming language, written in C. GUILE provides a machine-independent execution platform that can be linked in as a library during the building of extensible programs. Install the guile package if you'd like to add extensibility to programs that you are developing. 
", "modified": "2016-10-18T15:56:56", "published": "2016-10-18T15:56:56", "id": "FEDORA:611BD604E440", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: guile-2.0.13-1.fc24", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8605", "CVE-2016-8606"], "description": "GUILE (GNU's Ubiquitous Intelligent Language for Extension) is a library implementation of the Scheme programming language, written in C. GUILE provides a machine-independent execution platform that can be linked in as a library during the building of extensible programs. Install the guile package if you'd like to add extensibility to programs that you are developing. ", "modified": "2016-10-22T00:53:17", "published": "2016-10-22T00:53:17", "id": "FEDORA:DADF660918D8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: guile-2.0.13-1.fc23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8605"], "description": "GUILE (GNU's Ubiquitous Intelligent Language for Extension) is a library implementation of the Scheme programming language, written in C. GUILE provides a machine-independent execution platform that can be linked in as a library during the building of extensible programs. Install the compat-guile18 package if you'd like to add extensibility to programs that you are developing. 
", "modified": "2017-01-12T05:25:22", "published": "2017-01-12T05:25:22", "id": "FEDORA:EE5A160876D3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: compat-guile18-1.8.8-14.fc25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8605"], "description": "GUILE (GNU's Ubiquitous Intelligent Language for Extension) is a library implementation of the Scheme programming language, written in C. GUILE provides a machine-independent execution platform that can be linked in as a library during the building of extensible programs. Install the compat-guile18 package if you'd like to add extensibility to programs that you are developing. ", "modified": "2017-01-12T06:49:37", "published": "2017-01-12T06:49:37", "id": "FEDORA:CA83E60918E2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: compat-guile18-1.8.8-14.fc24", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:22:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "description": "Package : guile-2.0\nVersion : 2.0.5+1-3+deb7u1\nCVE ID : CVE-2016-8605 CVE-2016-8606\nDebian Bug : 840555 840556\n\n\nSeveral vulnerabilities were discovered in GNU Guile, an\nimplementation of the Scheme programming language. The Common\nVulnerabilities and Exposures project identifies the following issues.\n\nCVE-2016-8605:\n The mkdir procedure of GNU Guile temporarily changed the process'\n umask to zero. 
During that time window, in a multithreaded\n application, other threads could end up creating files with\n insecure permissions.\n\nCVE-2016-8606:\n GNU Guile provides a "REPL server" which is a command prompt that\n developers can connect to for live coding and debugging purposes.\n The REPL server is started by the '--listen' command-line option\n or equivalent API.\n\n It was reported that the REPL server is vulnerable to the HTTP\n inter-protocol attack.\n\n This constitutes a remote code execution vulnerability for\n developers running a REPL server that listens on a loopback device\n or private network. Applications that do not run a REPL server, as\n is usually the case, are unaffected.\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n2.0.5+1-3+deb7u1.\n\nWe recommend that you upgrade your guile-2.0 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 3, "modified": "2016-10-18T22:18:33", "published": "2016-10-18T22:18:33", "id": "DEBIAN:DLA-666-1:C2DB6", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201610/msg00021.html", "title": "[SECURITY] [DLA 666-1] guile-2.0 security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T10:57:24", "description": "Ludovic Courtes reports :\n\nThe REPL server is vulnerable to the HTTP inter-protocol attack\n\nThe 'mkdir' procedure of GNU Guile, an implementation of the\nScheme programming language, temporarily changed the process' umask\nto zero. 
During that time window, in a multithreaded application,\nother threads could end up creating files with insecure permissions.", "edition": 27, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-02-06T00:00:00", "title": "FreeBSD : guile2 -- multiple vulnerabilities (b4ecf774-eb01-11e6-9ac1-a4badb2f4699)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "modified": "2017-02-06T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:guile2"], "id": "FREEBSD_PKG_B4ECF774EB0111E69AC1A4BADB2F4699.NASL", "href": "https://www.tenable.com/plugins/nessus/96994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96994);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-8605\", \"CVE-2016-8606\");\n\n script_name(english:\"FreeBSD : guile2 -- multiple vulnerabilities (b4ecf774-eb01-11e6-9ac1-a4badb2f4699)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ludovic Courtes reports :\n\nThe REPL server is vulnerable to the HTTP inter-protocol attack\n\nThe 'mkdir' procedure of GNU Guile, an implementation of the\nScheme programming language, temporarily changed the process' umask\nto zero. 
During that time window, in a multithreaded application,\nother threads could end up creating files with insecure permissions.\"\n );\n # http://www.openwall.com/lists/oss-security/2016/10/11/1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2016/10/11/1\"\n );\n # http://www.openwall.com/lists/oss-security/2016/10/12/2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openwall.com/lists/oss-security/2016/10/12/2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216663\"\n );\n # https://vuxml.freebsd.org/freebsd/b4ecf774-eb01-11e6-9ac1-a4badb2f4699.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0faba3dc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:guile2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"guile2<2.0.13\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-05T11:12:38", "description": "This update for guile fixes the following issues :\n\n - CVE-2016-8606: REPL server vulnerable to HTTP\n inter-protocol attacks (bsc#1004226).\n\n - CVE-2016-8605: Thread-unsafe umask modification\n (bsc#1004221).", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-27T00:00:00", "title": "openSUSE Security Update : guile (openSUSE-2016-1235)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "modified": "2016-10-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:guile-debuginfo", "p-cpe:/a:novell:opensuse:libguile-2_0-22", "p-cpe:/a:novell:opensuse:guile-debugsource", "p-cpe:/a:novell:opensuse:libguile-2_0-22-debuginfo", "p-cpe:/a:novell:opensuse:guile-modules-2_0", "p-cpe:/a:novell:opensuse:libguilereadline-v-18-18", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:guile-devel", "p-cpe:/a:novell:opensuse:libguilereadline-v-18-18-debuginfo", "p-cpe:/a:novell:opensuse:guile"], "id": "OPENSUSE-2016-1235.NASL", "href": 
"https://www.tenable.com/plugins/nessus/94310", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1235.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94310);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-8605\", \"CVE-2016-8606\");\n\n script_name(english:\"openSUSE Security Update : guile (openSUSE-2016-1235)\");\n script_summary(english:\"Check for the openSUSE-2016-1235 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for guile fixes the following issues :\n\n - CVE-2016-8606: REPL server vulnerable to HTTP\n inter-protocol attacks (bsc#1004226).\n\n - CVE-2016-8605: Thread-unsafe umask modification\n (bsc#1004221).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004226\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected guile packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile-modules-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-2_0-22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-2_0-22-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguilereadline-v-18-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguilereadline-v-18-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", 
reference:\"guile-2.0.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"guile-debuginfo-2.0.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"guile-debugsource-2.0.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"guile-devel-2.0.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"guile-modules-2_0-2.0.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libguile-2_0-22-2.0.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libguile-2_0-22-debuginfo-2.0.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libguilereadline-v-18-18-2.0.11-3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"libguilereadline-v-18-18-debuginfo-2.0.11-3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"guile / guile-debuginfo / guile-debugsource / guile-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:44:01", "description": "Several vulnerabilities were discovered in GNU Guile, an\nimplementation of the Scheme programming language. The Common\nVulnerabilities and Exposures project identifies the following issues.\n\nCVE-2016-8605: The mkdir procedure of GNU Guile temporarily changed\nthe process' umask to zero. During that time window, in a\nmultithreaded application, other threads could end up creating files\nwith insecure permissions.\n\nCVE-2016-8606: GNU Guile provides a 'REPL server' which is a command\nprompt that developers can connect to for live coding and debugging\npurposes. 
The REPL server is started by the '--listen' command-line\noption or equivalent API.\n\nIt was reported that the REPL server is vulnerable to the HTTP\ninter-protocol attack.\n\nThis constitutes a remote code execution vulnerability for\ndevelopers running a REPL server that listens on a loopback\ndevice or private network. Applications that do not run a\nREPL server, as is usually the case, are unaffected.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.0.5+1-3+deb7u1.\n\nWe recommend that you upgrade your guile-2.0 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-19T00:00:00", "title": "Debian DLA-666-1 : guile-2.0 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "modified": "2016-10-19T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:guile-2.0", "p-cpe:/a:debian:debian_linux:guile-2.0-dev", "p-cpe:/a:debian:debian_linux:guile-2.0-doc", "p-cpe:/a:debian:debian_linux:guile-2.0-libs", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-666.NASL", "href": "https://www.tenable.com/plugins/nessus/94114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-666-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94114);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8605\", \"CVE-2016-8606\");\n\n script_name(english:\"Debian DLA-666-1 : guile-2.0 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in GNU Guile, an\nimplementation of the Scheme programming language. The Common\nVulnerabilities and Exposures project identifies the following issues.\n\nCVE-2016-8605: The mkdir procedure of GNU Guile temporarily changed\nthe process' umask to zero. During that time window, in a\nmultithreaded application, other threads could end up creating files\nwith insecure permissions.\n\nCVE-2016-8606: GNU Guile provides a 'REPL server' which is a command\nprompt that developers can connect to for live coding and debugging\npurposes. The REPL server is started by the '--listen' command-line\noption or equivalent API.\n\nIt was reported that the REPL server is vulnerable to the HTTP\ninter-protocol attack.\n\nThis constitutes a remote code execution vulnerability for\ndevelopers running a REPL server that listens on a loopback\ndevice or private network. Applications that do not run a\nREPL server, as is usually the case, are unaffected.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n2.0.5+1-3+deb7u1.\n\nWe recommend that you upgrade your guile-2.0 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/10/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/guile-2.0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:guile-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:guile-2.0-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:guile-2.0-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:guile-2.0-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"guile-2.0\", reference:\"2.0.5+1-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"guile-2.0-dev\", reference:\"2.0.5+1-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"guile-2.0-doc\", reference:\"2.0.5+1-3+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"guile-2.0-libs\", reference:\"2.0.5+1-3+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:14:06", "description": "Update to the latest stable release, which fixes CVE-2016-8605 and\nCVE-2016-8606.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-19T00:00:00", "title": "Fedora 24 : 5:guile (2016-34209c3a8e)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "modified": "2016-10-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:5:guile", "cpe:/o:fedoraproject:fedora:24"], "id": 
"FEDORA_2016-34209C3A8E.NASL", "href": "https://www.tenable.com/plugins/nessus/94120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-34209c3a8e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94120);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8605\", \"CVE-2016-8606\");\n script_xref(name:\"FEDORA\", value:\"2016-34209c3a8e\");\n\n script_name(english:\"Fedora 24 : 5:guile (2016-34209c3a8e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the latest stable release, which fixes CVE-2016-8605 and\nCVE-2016-8606.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-34209c3a8e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 5:guile package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:5:guile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"guile-2.0.13-1.fc24\", epoch:\"5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"5:guile\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:14:37", "description": "Update to the latest stable release, which fixes CVE-2016-8605 and\nCVE-2016-8606.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-24T00:00:00", "title": "Fedora 23 : 5:guile (2016-a47bf58beb)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "modified": "2016-10-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:5:guile", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-A47BF58BEB.NASL", "href": "https://www.tenable.com/plugins/nessus/94210", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-a47bf58beb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(94210);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8605\", \"CVE-2016-8606\");\n script_xref(name:\"FEDORA\", value:\"2016-a47bf58beb\");\n\n script_name(english:\"Fedora 23 : 5:guile (2016-a47bf58beb)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the latest stable release, which fixes CVE-2016-8605 and\nCVE-2016-8606.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-a47bf58beb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 5:guile package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:5:guile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"guile-2.0.13-1.fc23\", epoch:\"5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"5:guile\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:13:58", "description": "Update to the latest stable release, which fixes CVE-2016-8605 and\nCVE-2016-8606.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much 
as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-15T00:00:00", "title": "Fedora 25 : 5:guile (2016-0aab71f552)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606", "CVE-2016-8605"], "modified": "2016-11-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:5:guile", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-0AAB71F552.NASL", "href": "https://www.tenable.com/plugins/nessus/94771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-0aab71f552.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94771);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-8605\", \"CVE-2016-8606\");\n script_xref(name:\"FEDORA\", value:\"2016-0aab71f552\");\n\n script_name(english:\"Fedora 25 : 5:guile (2016-0aab71f552)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the latest stable release, which fixes CVE-2016-8605 and\nCVE-2016-8606.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-0aab71f552\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 5:guile package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:5:guile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"guile-2.0.13-1.fc25\", epoch:\"5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"5:guile\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:39:15", "description": "An update of the guile package has been released.", "edition": 8, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-07T00:00:00", "title": "Photon OS 1.0: Guile PHSA-2017-0003", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8606"], "modified": "2019-02-07T00:00:00", "cpe": ["cpe:/o:vmware:photonos:1.0", "p-cpe:/a:vmware:photonos:guile"], "id": "PHOTONOS_PHSA-2017-0003_GUILE.NASL", "href": "https://www.tenable.com/plugins/nessus/121667", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0003. 
The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121667);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2016-8606\");\n\n script_name(english:\"Photon OS 1.0: Guile PHSA-2017-0003\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the guile package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-19.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-8606\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:guile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"guile-2.0.13-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"guile-debuginfo-2.0.13-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"guile-devel-2.0.13-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"guile\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T18:16:44", "description": "This update for guile fixes the following issues :\n\n - CVE-2016-8605: Fixed thread-unsafe umask modification\n (bsc#1004221).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2017-02-07T00:00:00", "title": "SUSE SLES11 Security Update : guile (SUSE-SU-2017:0394-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8605"], "modified": "2017-02-07T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:guile"], "id": "SUSE_SU-2017-0394-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97042", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0394-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97042);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2016-8605\");\n\n script_name(english:\"SUSE SLES11 Security Update : guile (SUSE-SU-2017:0394-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for guile fixes the following issues :\n\n - CVE-2016-8605: Fixed thread-unsafe umask modification\n (bsc#1004221).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1004221\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-8605/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170394-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42df2b79\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-guile-12969=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-guile-12969=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-guile-12969=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:guile\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/07\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"guile-1.8.5-24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"guile\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-05T11:14:09", "description": "This update for guile fixes the following issues :\n\n - CVE-2016-8605: Fixed thread-unsafe umask modification\n (bsc#1004221).\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 17, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2017-02-21T00:00:00", "title": "openSUSE Security Update : guile (openSUSE-2017-259)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-8605"], "modified": "2017-02-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:guile-debuginfo", "p-cpe:/a:novell:opensuse:libguile-2_0-22", "p-cpe:/a:novell:opensuse:guile-debugsource", "p-cpe:/a:novell:opensuse:libguile-2_0-22-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:guile-modules-2_0", "p-cpe:/a:novell:opensuse:libguilereadline-v-18-18", "p-cpe:/a:novell:opensuse:guile-devel", "cpe:/o:novell:opensuse:42.2", "p-cpe:/a:novell:opensuse:libguilereadline-v-18-18-debuginfo", "p-cpe:/a:novell:opensuse:guile"], "id": "OPENSUSE-2017-259.NASL", "href": "https://www.tenable.com/plugins/nessus/97279", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-259.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(97279);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-8605\");\n\n script_name(english:\"openSUSE Security Update : guile (openSUSE-2017-259)\");\n script_summary(english:\"Check for the openSUSE-2017-259 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for guile fixes the following issues :\n\n - CVE-2016-8605: Fixed thread-unsafe umask modification\n (bsc#1004221).\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004221\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected guile packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile-modules-2_0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-2_0-22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-2_0-22-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguilereadline-v-18-18\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libguilereadline-v-18-18-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"guile-2.0.9-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"guile-debuginfo-2.0.9-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"guile-debugsource-2.0.9-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"guile-devel-2.0.9-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"guile-modules-2_0-2.0.9-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"libguile-2_0-22-2.0.9-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile-2_0-22-debuginfo-2.0.9-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguilereadline-v-18-18-2.0.9-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguilereadline-v-18-18-debuginfo-2.0.9-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"guile-2.0.9-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"guile-debuginfo-2.0.9-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"guile-debugsource-2.0.9-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"guile-devel-2.0.9-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"guile-modules-2_0-2.0.9-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libguile-2_0-22-2.0.9-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libguile-2_0-22-debuginfo-2.0.9-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libguilereadline-v-18-18-2.0.9-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libguilereadline-v-18-18-debuginfo-2.0.9-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"guile / guile-debuginfo / guile-debugsource / guile-devel / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-06-05T11:12:38", "description": "This update for guile1 fixes the following issue :\n\n - CVE-2016-8605: Thread-unsafe umask modification\n (bsc#1004221).", "edition": 19, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2016-10-27T00:00:00", "title": "openSUSE Security Update : guile1 (openSUSE-2016-1231)", "type": "nessus", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2016-8605"], "modified": "2016-10-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libguile-srfi-srfi-60-v-2-2-debuginfo", "p-cpe:/a:novell:opensuse:libguile-srfi-srfi-13-14-v-3-3", "p-cpe:/a:novell:opensuse:libguile-srfi-srfi-13-14-v-3-3-debuginfo", "p-cpe:/a:novell:opensuse:libguile-srfi-srfi-4-v-3-3-debuginfo", "p-cpe:/a:novell:opensuse:libguile17-debuginfo", "p-cpe:/a:novell:opensuse:libguile-srfi-srfi-1-v-3-3", "p-cpe:/a:novell:opensuse:libguile-srfi-srfi-1-v-3-3-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:guile1", "p-cpe:/a:novell:opensuse:libguilereadline-v-17-17", "p-cpe:/a:novell:opensuse:libguile1-devel", "p-cpe:/a:novell:opensuse:libguile-srfi-srfi-4-v-3-3", "p-cpe:/a:novell:opensuse:libguile17", "p-cpe:/a:novell:opensuse:guile1-debugsource", "p-cpe:/a:novell:opensuse:guile1-debuginfo", "p-cpe:/a:novell:opensuse:libguilereadline-v-17-17-debuginfo", "p-cpe:/a:novell:opensuse:libguile-srfi-srfi-60-v-2-2"], "id": "OPENSUSE-2016-1231.NASL", "href": "https://www.tenable.com/plugins/nessus/94306", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1231.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94306);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2016-8605\");\n\n script_name(english:\"openSUSE Security Update : guile1 (openSUSE-2016-1231)\");\n script_summary(english:\"Check for the openSUSE-2016-1231 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for guile1 fixes the following issue :\n\n - CVE-2016-8605: 
Thread-unsafe umask modification\n (bsc#1004221).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1004221\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected guile1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:guile1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-srfi-srfi-1-v-3-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-srfi-srfi-1-v-3-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-srfi-srfi-13-14-v-3-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-srfi-srfi-13-14-v-3-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-srfi-srfi-4-v-3-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-srfi-srfi-4-v-3-3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-srfi-srfi-60-v-2-2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile-srfi-srfi-60-v-2-2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile17\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguile17-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguilereadline-v-17-17\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libguilereadline-v-17-17-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"guile1-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"guile1-debuginfo-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"guile1-debugsource-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile-srfi-srfi-1-v-3-3-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"libguile-srfi-srfi-1-v-3-3-debuginfo-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile-srfi-srfi-13-14-v-3-3-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile-srfi-srfi-13-14-v-3-3-debuginfo-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile-srfi-srfi-4-v-3-3-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile-srfi-srfi-4-v-3-3-debuginfo-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile-srfi-srfi-60-v-2-2-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile-srfi-srfi-60-v-2-2-debuginfo-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile1-devel-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile17-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguile17-debuginfo-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguilereadline-v-17-17-1.8.8-22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libguilereadline-v-17-17-debuginfo-1.8.8-22.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"guile1 / guile1-debuginfo / guile1-debugsource / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}