ID FEDORA:2BCF260BE74A Type fedora Reporter Fedora Modified 2017-07-31T16:23:48
Description
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities.
{"cve": [{"lastseen": "2021-02-02T06:36:50", "description": "In Moodle 3.x, course creators are able to change system default settings for courses.", "edition": 5, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-17T17:29:00", "title": "CVE-2017-7532", "type": "cve", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7532"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:moodle:moodle:3.2.3", "cpe:/a:moodle:moodle:3.1.0", "cpe:/a:moodle:moodle:3.2.1", "cpe:/a:moodle:moodle:3.2.2", "cpe:/a:moodle:moodle:3.3.0", "cpe:/a:moodle:moodle:3.3.1", "cpe:/a:moodle:moodle:3.1.5", "cpe:/a:moodle:moodle:3.2.0", "cpe:/a:moodle:moodle:3.1.1", "cpe:/a:moodle:moodle:3.1.3", "cpe:/a:moodle:moodle:3.1.2", "cpe:/a:moodle:moodle:3.1.6", "cpe:/a:moodle:moodle:3.1.4"], "id": "CVE-2017-7532", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7532", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:moodle:moodle:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:beta:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:36:43", "description": "Moodle 3.x has user fullname disclosure on the user preferences page.", "edition": 4, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-17T17:29:00", "title": "CVE-2017-2642", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-2642"], "modified": "2017-07-19T19:08:00", "cpe": ["cpe:/a:moodle:moodle:3.2.3", "cpe:/a:moodle:moodle:3.1.0", "cpe:/a:moodle:moodle:3.2.1", "cpe:/a:moodle:moodle:3.2.2", "cpe:/a:moodle:moodle:3.3.0", "cpe:/a:moodle:moodle:3.3.1", "cpe:/a:moodle:moodle:3.1.5", "cpe:/a:moodle:moodle:3.2.0", "cpe:/a:moodle:moodle:3.1.1", "cpe:/a:moodle:moodle:3.1.3", "cpe:/a:moodle:moodle:3.1.2", "cpe:/a:moodle:moodle:3.1.6", "cpe:/a:moodle:moodle:3.1.4"], "id": "CVE-2017-2642", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2642", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:moodle:moodle:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:beta:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.2.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.3.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:34:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7532", "CVE-2017-2642"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310873196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873196", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2017-b0918e3905", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_b0918e3905_moodle_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for moodle FEDORA-2017-b0918e3905\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873196\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:41 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-2642\", \"CVE-2017-7532\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for moodle FEDORA-2017-b0918e3905\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'moodle'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"moodle on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-b0918e3905\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWLV4TTNRBSNKWWYP73KMQNIYQDLARGE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~3.1.7~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-10-09T14:49:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7532", "CVE-2017-2642"], "description": "Moodle is prone to multiple vulnerabilities.", "modified": "2019-10-07T00:00:00", "published": "2018-05-09T00:00:00", "id": "OPENVAS:1361412562310112267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112267", "type": "openvas", "title": "Moodle 3.x Multiple Vulnerabilities - Jul'17 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Moodle 3.x Multiple Vulnerabilities - Jul'17 (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112267\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-09 12:36:11 +0200 (Wed, 09 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2017-7532\", \"CVE-2017-2642\");\n script_bugtraq_id(99617, 99606);\n\n script_name(\"Moodle 3.x Multiple Vulnerabilities - Jul'17 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_moodle_cms_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"moodle/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Moodle is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - user fullname disclosure on the user preferences page\n\n - course creators are able to change system default settings for courses.\");\n script_tag(name:\"affected\", value:\"Moodle 3.3, 3.2 to 3.2.3, 3.1 to 3.1.6 and earlier unsupported versions.\");\n script_tag(name:\"solution\", value:\"Update to version 3.3.1, 3.2.4 or 3.1.7 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://moodle.org/mod/forum/discuss.php?d=355554\");\n script_xref(name:\"URL\", value:\"https://moodle.org/mod/forum/discuss.php?d=355556\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:moodle:moodle\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( port: port, cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\nversion = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version: version, test_version: \"3.1.7\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.1.7\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"3.2.0\", test_version2: \"3.2.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.2.4\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_is_equal( version: version, test_version: \"3.3.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.3.1\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 0 );\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-10-09T14:49:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7532", "CVE-2017-2642"], "description": "Moodle is prone to multiple vulnerabilities.", "modified": "2019-10-07T00:00:00", "published": "2018-05-09T00:00:00", "id": "OPENVAS:1361412562310112268", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112268", "type": "openvas", "title": "Moodle 3.x Multiple Vulnerabilities - Jul'17 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Moodle 3.x Multiple Vulnerabilities - Jul'17 (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112268\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-09 12:36:11 +0200 (Wed, 09 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2017-7532\", \"CVE-2017-2642\");\n script_bugtraq_id(99617, 99606);\n\n script_name(\"Moodle 3.x Multiple Vulnerabilities - Jul'17 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_moodle_cms_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"moodle/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Moodle is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - user fullname disclosure on the user preferences page\n\n - course creators are able to change system default settings for courses.\");\n script_tag(name:\"affected\", value:\"Moodle 3.3, 3.2 to 3.2.3, 3.1 to 3.1.6 and earlier unsupported versions.\");\n script_tag(name:\"solution\", value:\"Update to version 3.3.1, 3.2.4 or 3.1.7 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://moodle.org/mod/forum/discuss.php?d=355554\");\n script_xref(name:\"URL\", value:\"https://moodle.org/mod/forum/discuss.php?d=355556\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:moodle:moodle\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_location( port: port, cpe:CPE, exit_no_version:TRUE ) ) exit( 0 );\nversion = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version: version, test_version: \"3.1.7\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.1.7\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"3.2.0\", test_version2: \"3.2.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.2.4\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_is_equal( version: version, test_version: \"3.3.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.3.1\", install_path: path );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7532", "CVE-2017-2642"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310873197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873197", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2017-60410804eb", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_60410804eb_moodle_fc24.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for moodle FEDORA-2017-60410804eb\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873197\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:35 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-2642\", \"CVE-2017-7532\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for moodle FEDORA-2017-60410804eb\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'moodle'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"moodle on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-60410804eb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UAGIXDLTIFIIEZ6DXB6HR4X4EYONOE3L\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~3.1.7~1.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:33:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7532", "CVE-2017-2642"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2017-08-04T00:00:00", "id": "OPENVAS:1361412562310873195", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873195", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2017-33ae36adb3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_33ae36adb3_moodle_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for moodle FEDORA-2017-33ae36adb3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873195\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-04 12:46:54 +0530 (Fri, 04 Aug 2017)\");\n script_cve_id(\"CVE-2017-2642\", \"CVE-2017-7532\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for moodle FEDORA-2017-33ae36adb3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'moodle'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"moodle on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-33ae36adb3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ER57JWBBJOAM7K6QKMERDKVND6N3OX6O\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~3.2.4~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2642", "CVE-2017-7532"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2017-07-31T19:19:44", "published": "2017-07-31T19:19:44", "id": "FEDORA:4A35A60E86E5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: moodle-3.1.7-1.fc24", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-2642", "CVE-2017-7532"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2017-07-31T20:21:28", "published": "2017-07-31T20:21:28", "id": "FEDORA:0470B605A2B3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: moodle-3.1.7-1.fc25", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-07T10:12:54", "description": "Fix for multiple CVEs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-08-01T00:00:00", "title": "Fedora 25 : moodle (2017-b0918e3905)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2642"], "modified": "2017-08-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-B0918E3905.NASL", "href": "https://www.tenable.com/plugins/nessus/102089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-b0918e3905.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102089);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-2642\");\n script_xref(name:\"FEDORA\", value:\"2017-b0918e3905\");\n\n script_name(english:\"Fedora 25 : moodle (2017-b0918e3905)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for multiple CVEs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-b0918e3905\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"moodle-3.1.7-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:11:20", "description": "Fix for multiple CVEs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-08-11T00:00:00", "title": "Fedora 24 : moodle (2017-60410804eb)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2642"], "modified": "2017-08-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-60410804EB.NASL", "href": "https://www.tenable.com/plugins/nessus/102390", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-60410804eb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102390);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-2642\");\n script_xref(name:\"FEDORA\", value:\"2017-60410804eb\");\n\n script_name(english:\"Fedora 24 : moodle (2017-60410804eb)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for multiple CVEs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-60410804eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"moodle-3.1.7-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:15:49", "description": "Fix for multiple CVEs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2017-08-01T00:00:00", "title": "Fedora 26 : moodle (2017-33ae36adb3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-2642"], "modified": "2017-08-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-33AE36ADB3.NASL", "href": "https://www.tenable.com/plugins/nessus/102087", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-33ae36adb3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102087);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-2642\");\n script_xref(name:\"FEDORA\", value:\"2017-33ae36adb3\");\n\n script_name(english:\"Fedora 26 : moodle (2017-33ae36adb3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for multiple CVEs\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-33ae36adb3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"moodle-3.2.4-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}]}
