{"id": "FEDORA:1E27F2074A", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 16 Update: gnash-0.8.10-1.fc16", "description": "Gnash is capable of reading up to SWF v9 files and op-codes, but primarily supports SWF v7, with better SWF v8 and v9 support under heavy development. Gnash includes initial parser support for SWF v8 and v9. Not all ActionScript 2 classes are implemented yet, but all of the most heavily used ones are. Many ActionScript 2 classes are partially implemented; there is support for all of the commonly used methods of each class. ", "published": "2012-03-08T21:26:25", "modified": "2012-03-08T21:26:25", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2011-4328"], "lastseen": "2020-12-21T08:17:50", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4328"]}, {"type": "openvas", "idList": ["OPENVAS:71240", "OPENVAS:863860", "OPENVAS:136141256231071570", "OPENVAS:1361412562310863860", "OPENVAS:1361412562310864408", "OPENVAS:71570", "OPENVAS:136141256231071240", "OPENVAS:1361412562310863763", "OPENVAS:863763", "OPENVAS:864408"]}, {"type": "nessus", "idList": ["OPENSUSE-2012-164.NASL", "DEBIAN_DSA-2435.NASL", "FEDORA_2012-2617.NASL", "FEDORA_2012-2719.NASL", "GENTOO_GLSA-201207-08.NASL", "SUSE_11_4_GNASH-120306.NASL", "FEDORA_2012-2771.NASL"]}, {"type": "fedora", "idList": ["FEDORA:7666D22FF9", "FEDORA:1E43C21C1F"]}, {"type": "gentoo", "idList": ["GLSA-201207-08"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12292", "SECURITYVULNS:DOC:27843"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2435-1:BBE65"]}], "modified": "2020-12-21T08:17:50", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2020-12-21T08:17:50", "rev": 2}, "vulnersScore": 5.5}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "16", "arch": "any", "packageName": "gnash", "packageVersion": "0.8.10", "packageFilename": "UNKNOWN", "operator": "lt"}]}

{"cve": [{"lastseen": "2020-12-09T19:39:12", "description": "plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information.", "edition": 5, "cvss3": {}, "published": "2012-06-16T00:55:00", "title": "CVE-2011-4328", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4328"], "modified": "2014-01-08T04:23:00", "cpe": ["cpe:/a:gnu:gnash:0.8.8", "cpe:/a:gnu:gnash:0.8.9", "cpe:/a:gnu:gnash:0.8.5", "cpe:/a:gnu:gnash:0.8.7"], "id": "CVE-2011-4328", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4328", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:gnu:gnash:0.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnash:0.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnash:0.8.9:rc4:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnash:0.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnash:0.8.9:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:39:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-03-09T00:00:00", "id": "OPENVAS:1361412562310863763", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863763", "type": "openvas", "title": "Fedora Update for gnash FEDORA-2012-2719", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnash FEDORA-2012-2719\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074823.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863763\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 10:25:27 +0530 (Fri, 09 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-4328\");\n script_xref(name:\"FEDORA\", value:\"2012-2719\");\n script_name(\"Fedora Update for gnash FEDORA-2012-2719\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"gnash on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnash\", rpm:\"gnash~0.8.10~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:57:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "description": "Check for the Version of gnash", "modified": "2017-12-29T00:00:00", "published": "2012-03-09T00:00:00", "id": "OPENVAS:863763", "href": "http://plugins.openvas.org/nasl.php?oid=863763", "type": "openvas", "title": "Fedora Update for gnash FEDORA-2012-2719", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnash FEDORA-2012-2719\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnash on Fedora 15\";\ntag_insight = \"Gnash is capable of reading up to SWF v9 files and op-codes, but primarily\n supports SWF v7, with better SWF v8 and v9 support under heavy development.\n Gnash includes initial parser support for SWF v8 and v9. Not all\n ActionScript 2 classes are implemented yet, but all of the most heavily\n used ones are. Many ActionScript 2 classes are partially implemented;\n there is support for all of the commonly used methods of each\n class.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074823.html\");\n script_id(863763);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-09 10:25:27 +0530 (Fri, 09 Mar 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-4328\");\n script_xref(name: \"FEDORA\", value: \"2012-2719\");\n script_name(\"Fedora Update for gnash FEDORA-2012-2719\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnash\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnash\", rpm:\"gnash~0.8.10~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-08T12:57:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "description": "Check for the Version of gnash", "modified": "2018-01-08T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864408", "href": "http://plugins.openvas.org/nasl.php?oid=864408", "type": "openvas", "title": "Fedora Update for gnash FEDORA-2012-2617", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnash FEDORA-2012-2617\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnash on Fedora 17\";\ntag_insight = \"Gnash is capable of reading up to SWF v9 files and op-codes, but primarily\n supports SWF v7, with better SWF v8 and v9 support under heavy development.\n Gnash includes initial parser support for SWF v8 and v9. Not all\n ActionScript 2 classes are implemented yet, but all of the most heavily\n used ones are. Many ActionScript 2 classes are partially implemented;\n there is support for all of the commonly used methods of each\n class.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074579.html\");\n script_id(864408);\n script_version(\"$Revision: 8313 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 08:02:11 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:08:35 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-4328\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-2617\");\n script_name(\"Fedora Update for gnash FEDORA-2012-2617\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnash\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnash\", rpm:\"gnash~0.8.10~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-06T13:07:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "description": "Check for the Version of gnash", "modified": "2018-01-04T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:863860", "href": "http://plugins.openvas.org/nasl.php?oid=863860", "type": "openvas", "title": "Fedora Update for gnash FEDORA-2012-2771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnash FEDORA-2012-2771\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnash on Fedora 16\";\ntag_insight = \"Gnash is capable of reading up to SWF v9 files and op-codes, but primarily\n supports SWF v7, with better SWF v8 and v9 support under heavy development.\n Gnash includes initial parser support for SWF v8 and v9. Not all\n ActionScript 2 classes are implemented yet, but all of the most heavily\n used ones are. Many ActionScript 2 classes are partially implemented;\n there is support for all of the commonly used methods of each\n class.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074829.html\");\n script_id(863860);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:26:04 +0530 (Mon, 02 Apr 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-4328\");\n script_xref(name: \"FEDORA\", value: \"2012-2771\");\n script_name(\"Fedora Update for gnash FEDORA-2012-2771\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnash\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnash\", rpm:\"gnash~0.8.10~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863860", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863860", "type": "openvas", "title": "Fedora Update for gnash FEDORA-2012-2771", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnash FEDORA-2012-2771\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074829.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863860\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:26:04 +0530 (Mon, 02 Apr 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-4328\");\n script_xref(name:\"FEDORA\", value:\"2012-2771\");\n script_name(\"Fedora Update for gnash FEDORA-2012-2771\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"gnash on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnash\", rpm:\"gnash~0.8.10~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864408", "type": "openvas", "title": "Fedora Update for gnash FEDORA-2012-2617", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnash FEDORA-2012-2617\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/074579.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864408\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:08:35 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2011-4328\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-2617\");\n script_name(\"Fedora Update for gnash FEDORA-2012-2617\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnash'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"gnash on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnash\", rpm:\"gnash~0.8.10~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:50:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1175", "CVE-2011-4328"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201207-08.", "modified": "2017-07-07T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:71570", "href": "http://plugins.openvas.org/nasl.php?oid=71570", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201207-08 (Gnash)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in Gnash which could\nresult in execution of arbitrary code, Denial of Service, or\ninformation disclosure.\";\ntag_solution = \"All Gnash users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/gnash-0.8.10-r2'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201207-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=391283\nhttp://bugs.gentoo.org/show_bug.cgi?id=408209\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201207-08.\";\n\n \n \nif(description)\n{\n script_id(71570);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4328\", \"CVE-2012-1175\");\n script_version(\"$Revision: 6589 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 10:27:50 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:54 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201207-08 (Gnash)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-plugins/gnash\", unaffected: make_list(\"ge 0.8.10-r2\"), vulnerable: make_list(\"lt 0.8.10-r2\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1175", "CVE-2011-4328"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201207-08.", "modified": "2018-10-12T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:136141256231071570", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071570", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201207-08 (Gnash)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201207_08.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71570\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-4328\", \"CVE-2012-1175\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:54 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201207-08 (Gnash)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been found in Gnash which could\nresult in execution of arbitrary code, Denial of Service, or\ninformation disclosure.\");\n script_tag(name:\"solution\", value:\"All Gnash users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/gnash-0.8.10-r2'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201207-08\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=391283\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=408209\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201207-08.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"www-plugins/gnash\", unaffected: make_list(\"ge 0.8.10-r2\"), vulnerable: make_list(\"lt 0.8.10-r2\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4337", "CVE-2012-1175", "CVE-2011-4328"], "description": "The remote host is missing an update to gnash\nannounced via advisory DSA 2435-1.", "modified": "2019-03-18T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:136141256231071240", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071240", "type": "openvas", "title": "Debian Security Advisory DSA 2435-1 (gnash)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2435_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2435-1 (gnash)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71240\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4337\", \"CVE-2011-4328\", \"CVE-2012-1175\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:54:49 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2435-1 (gnash)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202435-1\");\n script_tag(name:\"insight\", value:\"Several vulnerabilities have been identified in Gnash, the GNU Flash\nplayer.\n\nCVE-2012-1175\n\nTielei Wang from Georgia Tech Information Security Center discovered a\nvulnerability in GNU Gnash which is due to an integer overflow\nerror and can be exploited to cause a heap-based buffer overflow by\ntricking a user into opening a specially crafted SWF file.\n\nCVE-2011-4328\n\nAlexander Kurtz discovered an unsafe management of HTTP cookies. Cookie\nfiles are stored under /tmp and have predictable names, vulnerability\nthat allows a local attacker to overwrite arbitrary files the users has\nwrite permissions for, and are also world-readable which may cause\ninformation leak.\n\nCVE-2010-4337\n\nJakub Wilk discovered an unsafe management of temporary files during the\nbuild process. Files are stored under /tmp and have predictable names,\nvulnerability that allows a local attacker to overwrite arbitrary files\nthe users has write permissions for.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.8-5+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-5.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your gnash packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to gnash\nannounced via advisory DSA 2435-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"browser-plugin-gnash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-common\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-common-opengl\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-cygnal\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-dbg\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-doc\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-opengl\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-tools\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"klash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"klash-opengl\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"konqueror-plugin-gnash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mozilla-plugin-gnash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"swfdec-gnome\", ver:\"1:0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"swfdec-mozilla\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4337", "CVE-2012-1175", "CVE-2011-4328"], "description": "The remote host is missing an update to gnash\nannounced via advisory DSA 2435-1.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:71240", "href": "http://plugins.openvas.org/nasl.php?oid=71240", "type": "openvas", "title": "Debian Security Advisory DSA 2435-1 (gnash)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2435_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2435-1 (gnash)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been identified in Gnash, the GNU Flash\nplayer.\n\nCVE-2012-1175\n\nTielei Wang from Georgia Tech Information Security Center discovered a\nvulnerability in GNU Gnash which is due to an integer overflow\nerror and can be exploited to cause a heap-based buffer overflow by\ntricking a user into opening a specially crafted SWF file.\n\nCVE-2011-4328\n\nAlexander Kurtz discovered an unsafe management of HTTP cookies. Cookie\nfiles are stored under /tmp and have predictable names, vulnerability\nthat allows a local attacker to overwrite arbitrary files the users has\nwrite permissions for, and are also world-readable which may cause\ninformation leak.\n\nCVE-2010-4337\n\nJakub Wilk discovered an unsafe management of temporary files during the\nbuild process. Files are stored under /tmp and have predictable names,\nvulnerability that allows a local attacker to overwrite arbitrary files\nthe users has write permissions for.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.8-5+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-5.\n\nWe recommend that you upgrade your gnash packages.\";\ntag_summary = \"The remote host is missing an update to gnash\nannounced via advisory DSA 2435-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202435-1\";\n\nif(description)\n{\n script_id(71240);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2010-4337\", \"CVE-2011-4328\", \"CVE-2012-1175\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:54:49 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2435-1 (gnash)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"browser-plugin-gnash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-common\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-common-opengl\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-cygnal\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-dbg\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-doc\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-opengl\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gnash-tools\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"klash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"klash-opengl\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"konqueror-plugin-gnash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"mozilla-plugin-gnash\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"swfdec-gnome\", ver:\"1:0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"swfdec-mozilla\", ver:\"0.8.8-5+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2020-06-05T11:11:41", "description": "gnash used predictable and world readable temporary file names to\nstore HTTP cookies", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : gnash (openSUSE-SU-2012:0369-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gnash", "p-cpe:/a:novell:opensuse:gnash-debuginfo", "p-cpe:/a:novell:opensuse:gnash-debugsource", "cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:gnash-devel"], "id": "OPENSUSE-2012-164.NASL", "href": "https://www.tenable.com/plugins/nessus/74569", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-164.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74569);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2011-4328\");\n\n script_name(english:\"openSUSE Security Update : gnash (openSUSE-SU-2012:0369-1)\");\n script_summary(english:\"Check for the openSUSE-2012-164 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"gnash used predictable and world readable temporary file names to\nstore HTTP cookies\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-03/msg00026.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnash packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnash-0.8.8-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnash-debuginfo-0.8.8-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnash-debugsource-0.8.8-9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"gnash-devel-0.8.8-9.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnash / gnash-debuginfo / gnash-debugsource / gnash-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-05T12:28:47", "description": "gnash used predictable and world readable temporary file names to\nstore HTTP cookies (CVE-2011-4328).", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : gnash (openSUSE-SU-2012:0330-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gnash", "p-cpe:/a:novell:opensuse:gnash-debuginfo", "p-cpe:/a:novell:opensuse:gnash-debugsource", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:gnash-devel"], "id": "SUSE_11_4_GNASH-120306.NASL", "href": "https://www.tenable.com/plugins/nessus/75854", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnash-5931.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75854);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2011-4328\");\n\n script_name(english:\"openSUSE Security Update : gnash (openSUSE-SU-2012:0330-1)\");\n script_summary(english:\"Check for the gnash-5931 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"gnash used predictable and world readable temporary file names to\nstore HTTP cookies (CVE-2011-4328).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=732324\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-03/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnash packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gnash-0.8.8-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gnash-debuginfo-0.8.8-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gnash-debugsource-0.8.8-6.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"gnash-devel-0.8.8-6.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnash / gnash-devel / gnash-debuginfo / gnash-debugsource\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:10:24", "description": "Update to 0.8.10\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-03-09T00:00:00", "title": "Fedora 15 : gnash-0.8.10-1.fc15 (2012-2719)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "modified": "2012-03-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnash", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-2719.NASL", "href": "https://www.tenable.com/plugins/nessus/58296", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2719.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58296);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4328\");\n script_bugtraq_id(50747);\n script_xref(name:\"FEDORA\", value:\"2012-2719\");\n\n script_name(english:\"Fedora 15 : gnash-0.8.10-1.fc15 (2012-2719)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 0.8.10\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=755518\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074823.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63e45b23\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"gnash-0.8.10-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnash\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:10:24", "description": "Update to 0.8.10\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-03-09T00:00:00", "title": "Fedora 16 : gnash-0.8.10-1.fc16 (2012-2771)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "modified": "2012-03-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnash", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-2771.NASL", "href": "https://www.tenable.com/plugins/nessus/58297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2771.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58297);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4328\");\n script_bugtraq_id(50747);\n script_xref(name:\"FEDORA\", value:\"2012-2771\");\n\n script_name(english:\"Fedora 16 : gnash-0.8.10-1.fc16 (2012-2771)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 0.8.10\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=755518\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074829.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8023a11e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"gnash-0.8.10-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnash\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:10:24", "description": "Update to 0.8.10\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-03-07T00:00:00", "title": "Fedora 17 : gnash-0.8.10-1.fc17 (2012-2617)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4328"], "modified": "2012-03-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:gnash"], "id": "FEDORA_2012-2617.NASL", "href": "https://www.tenable.com/plugins/nessus/58258", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2617.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58258);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4328\");\n script_bugtraq_id(50747);\n script_xref(name:\"FEDORA\", value:\"2012-2617\");\n\n script_name(english:\"Fedora 17 : gnash-0.8.10-1.fc17 (2012-2617)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 0.8.10\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=755518\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074579.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2f09d84\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnash package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"gnash-0.8.10-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnash\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:54:24", "description": "The remote host is affected by the vulnerability described in GLSA-201207-08\n(Gnash: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in Gnash:\n The 'nsPluginInstance::setupCookies()' function in plugin.cpp creates\n world-readable cookies with predictable file names (CVE-2011-4328).\n The 'GnashImage::size()' function in GnashImage.h contains an integer\n overflow error which could cause a heap-based buffer overflow\n (CVE-2012-1175).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file, possibly resulting in execution of arbitrary code or a Denial of\n Service condition. Furthermore, a local attacker may be able to obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2012-07-10T00:00:00", "title": "GLSA-201207-08 : Gnash: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1175", "CVE-2011-4328"], "modified": "2012-07-10T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:gnash", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201207-08.NASL", "href": "https://www.tenable.com/plugins/nessus/59900", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201207-08.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59900);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-4328\", \"CVE-2012-1175\");\n script_bugtraq_id(50747, 52446);\n script_xref(name:\"GLSA\", value:\"201207-08\");\n\n script_name(english:\"GLSA-201207-08 : Gnash: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201207-08\n(Gnash: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been found in Gnash:\n The 'nsPluginInstance::setupCookies()' function in plugin.cpp creates\n world-readable cookies with predictable file names (CVE-2011-4328).\n The 'GnashImage::size()' function in GnashImage.h contains an integer\n overflow error which could cause a heap-based buffer overflow\n (CVE-2012-1175).\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file, possibly resulting in execution of arbitrary code or a Denial of\n Service condition. Furthermore, a local attacker may be able to obtain\n sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201207-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Gnash users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/gnash-0.8.10-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gnash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/gnash\", unaffected:make_list(\"ge 0.8.10-r2\"), vulnerable:make_list(\"lt 0.8.10-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Gnash\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:47:22", "description": "Several vulnerabilities have been identified in Gnash, the GNU Flash\nplayer.\n\n - CVE-2012-1175\n Tielei Wang from Georgia Tech Information Security\n Center discovered a vulnerability in GNU Gnash which is\n caused due to an integer overflow error and can be\n exploited to cause a heap-based buffer overflow by\n tricking a user into opening a specially crafted SWF\n file.\n\n - CVE-2011-4328\n Alexander Kurtz discovered an unsafe management of HTTP\n cookies. Cookie files are stored under /tmp and have\n predictable names, and the vulnerability allows a local\n attacker to overwrite arbitrary files the users has\n write permissions for, and are also world-readable which\n may cause information leak.\n\n - CVE-2010-4337\n Jakub Wilk discovered an unsafe management of temporary\n files during the build process. Files are stored under\n /tmp and have predictable names, and the vulnerability\n allows a local attacker to overwrite arbitrary files the\n users has write permissions for.", "edition": 16, "published": "2012-03-20T00:00:00", "title": "Debian DSA-2435-1 : gnash - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4337", "CVE-2012-1175", "CVE-2011-4328"], "modified": "2012-03-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:gnash"], "id": "DEBIAN_DSA-2435.NASL", "href": "https://www.tenable.com/plugins/nessus/58392", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2435. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58392);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-4337\", \"CVE-2011-4328\", \"CVE-2012-1175\");\n script_bugtraq_id(45102, 50747, 52446);\n script_xref(name:\"DSA\", value:\"2435\");\n\n script_name(english:\"Debian DSA-2435-1 : gnash - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been identified in Gnash, the GNU Flash\nplayer.\n\n - CVE-2012-1175\n Tielei Wang from Georgia Tech Information Security\n Center discovered a vulnerability in GNU Gnash which is\n caused due to an integer overflow error and can be\n exploited to cause a heap-based buffer overflow by\n tricking a user into opening a specially crafted SWF\n file.\n\n - CVE-2011-4328\n Alexander Kurtz discovered an unsafe management of HTTP\n cookies. Cookie files are stored under /tmp and have\n predictable names, and the vulnerability allows a local\n attacker to overwrite arbitrary files the users has\n write permissions for, and are also world-readable which\n may cause information leak.\n\n - CVE-2010-4337\n Jakub Wilk discovered an unsafe management of temporary\n files during the build process. Files are stored under\n /tmp and have predictable names, and the vulnerability\n allows a local attacker to overwrite arbitrary files the\n users has write permissions for.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-1175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-4328\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-4337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/gnash\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2435\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gnash packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.8-5+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gnash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"browser-plugin-gnash\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gnash\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gnash-common\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gnash-common-opengl\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gnash-cygnal\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gnash-dbg\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gnash-doc\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gnash-opengl\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"gnash-tools\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"klash\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"klash-opengl\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"konqueror-plugin-gnash\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"mozilla-plugin-gnash\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"swfdec-gnome\", reference:\"0.8.8-5+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"swfdec-mozilla\", reference:\"0.8.8-5+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4328"], "description": "Gnash is capable of reading up to SWF v9 files and op-codes, but primarily supports SWF v7, with better SWF v8 and v9 support under heavy development. Gnash includes initial parser support for SWF v8 and v9. Not all ActionScript 2 classes are implemented yet, but all of the most heavily used ones are. Many ActionScript 2 classes are partially implemented; there is support for all of the commonly used methods of each class. ", "modified": "2012-03-06T20:37:32", "published": "2012-03-06T20:37:32", "id": "FEDORA:7666D22FF9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: gnash-0.8.10-1.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4328"], "description": "Gnash is capable of reading up to SWF v9 files and op-codes, but primarily supports SWF v7, with better SWF v8 and v9 support under heavy development. Gnash includes initial parser support for SWF v8 and v9. Not all ActionScript 2 classes are implemented yet, but all of the most heavily used ones are. Many ActionScript 2 classes are partially implemented; there is support for all of the commonly used methods of each class. ", "modified": "2012-03-08T21:25:29", "published": "2012-03-08T21:25:29", "id": "FEDORA:1E43C21C1F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: gnash-0.8.10-1.fc15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:04", "bulletinFamily": "unix", "cvelist": ["CVE-2012-1175", "CVE-2011-4328"], "description": "### Background\n\nGnash is a GNU flash movie player that supports many SWF features.\n\n### Description\n\nMultiple vulnerabilities have been found in Gnash:\n\n * The \"nsPluginInstance::setupCookies()\" function in plugin.cpp creates world-readable cookies with predictable file names (CVE-2011-4328). \n * The \"GnashImage::size()\" function in GnashImage.h contains an integer overflow error which could cause a heap-based buffer overflow (CVE-2012-1175). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a local attacker may be able to obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Gnash users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/gnash-0.8.10-r2\"", "edition": 1, "modified": "2012-07-09T00:00:00", "published": "2012-07-09T00:00:00", "id": "GLSA-201207-08", "href": "https://security.gentoo.org/glsa/201207-08", "type": "gentoo", "title": "Gnash: Multiple vulnerabilities", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2010-4337", "CVE-2012-1175", "CVE-2011-4328"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- - -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2435-1 security@debian.org\r\nhttp://www.debian.org/security/ Gabriele Giacone\r\nMarch 19, 2012 http://www.debian.org/security/faq\r\n- - -------------------------------------------------------------------------\r\n\r\nPackage : gnash\r\nVulnerability : several\r\nProblem type : local / local &#40;remote&#41;\r\nDebian-specific: no\r\nCVE ID : CVE-2010-4337 CVE-2011-4328 CVE-2012-1175\r\nDebian Bug : 605419 649384 664023\r\n\r\nSeveral vulnerabilities have been identified in Gnash, the GNU Flash\r\nplayer.\r\n\r\nCVE-2012-1175 \r\n\r\n Tielei Wang from Georgia Tech Information Security Center discovered a\r\n vulnerability in GNU Gnash which is caused due to an integer overflow\r\n error and can be exploited to cause a heap-based buffer overflow by\r\n tricking a user into opening a specially crafted SWF file.\r\n\r\nCVE-2011-4328\r\n\r\n Alexander Kurtz discovered an unsafe management of HTTP cookies. Cookie\r\n files are stored under /tmp and have predictable names, vulnerability\r\n that allows a local attacker to overwrite arbitrary files the users has\r\n write permissions for, and are also world-readable which may cause\r\n information leak.\r\n\r\nCVE-2010-4337\r\n\r\n Jakub Wilk discovered an unsafe management of temporary files during the\r\n build process. Files are stored under /tmp and have predictable names,\r\n vulnerability that allows a local attacker to overwrite arbitrary files\r\n the users has write permissions for.\r\n\r\nFor the stable distribution &#40;squeeze&#41;, this problem has been fixed in\r\nversion 0.8.8-5+squeeze1.\r\n\r\nFor the unstable distribution &#40;sid&#41;, this problem has been fixed in\r\nversion 0.8.10-5.\r\n\r\nWe recommend that you upgrade your gnash packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAk9nusMACgkQQWTRs4lLtHkgpwCgl9BiBCIslY0CitvMaYj0hIxx\r\n+4UAoL9xJ0yinmxXn/rRrRgu11dzimgD\r\n=cfiS\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-03-26T00:00:00", "published": "2012-03-26T00:00:00", "id": "SECURITYVULNS:DOC:27843", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27843", "title": "[SECURITY] [DSA 2435-1] gnash security update", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2010-4337", "CVE-2012-1175", "CVE-2011-4328"], "description": "Ingerer overflow on SWF parsing, unsafe cookie handling, symbolic links vulnerability.", "edition": 1, "modified": "2012-03-26T00:00:00", "published": "2012-03-26T00:00:00", "id": "SECURITYVULNS:VULN:12292", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12292", "title": "gnash multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:16:30", "bulletinFamily": "unix", "cvelist": ["CVE-2010-4337", "CVE-2012-1175", "CVE-2011-4328"], "description": "- - -------------------------------------------------------------------------\nDebian Security Advisory DSA-2435-1 security@debian.org\nhttp://www.debian.org/security/ Gabriele Giacone\nMarch 19, 2012 http://www.debian.org/security/faq\n- - -------------------------------------------------------------------------\n\nPackage : gnash\nVulnerability : several\nProblem type : local / local (remote)\nDebian-specific: no\nCVE ID : CVE-2010-4337 CVE-2011-4328 CVE-2012-1175\nDebian Bug : 605419 649384 664023\n\nSeveral vulnerabilities have been identified in Gnash, the GNU Flash\nplayer.\n\nCVE-2012-1175 \n\n Tielei Wang from Georgia Tech Information Security Center discovered a\n vulnerability in GNU Gnash which is caused due to an integer overflow\n error and can be exploited to cause a heap-based buffer overflow by\n tricking a user into opening a specially crafted SWF file.\n\nCVE-2011-4328\n\n Alexander Kurtz discovered an unsafe management of HTTP cookies. Cookie\n files are stored under /tmp and have predictable names, vulnerability\n that allows a local attacker to overwrite arbitrary files the users has\n write permissions for, and are also world-readable which may cause\n information leak.\n\nCVE-2010-4337\n\n Jakub Wilk discovered an unsafe management of temporary files during the\n build process. Files are stored under /tmp and have predictable names,\n vulnerability that allows a local attacker to overwrite arbitrary files\n the users has write permissions for.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.8.8-5+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.8.10-5.\n\nWe recommend that you upgrade your gnash packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-03-19T23:24:13", "published": "2012-03-19T23:24:13", "id": "DEBIAN:DSA-2435-1:BBE65", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00064.html", "title": "[SECURITY] [DSA 2435-1] gnash security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}