ID FEDORA:3BE0221207 Type fedora Reporter Fedora Modified 2013-07-23T01:02:23
Description
This module makes child process objects, (created with spawn, fork, exec or execFile) emit the close event in node v0.6 like they do in node v0.8. This makes it easier to write code that works correctly on both versions of node.
{"id": "FEDORA:3BE0221207", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 18 Update: nodejs-child-process-close-0.1.1-2.fc18", "description": "This module makes child process objects, (created with spawn, fork, exec or execFile) emit the close event in node v0.6 like they do in node v0.8. This makes it easier to write code that works correctly on both versions of node. ", "published": "2013-07-23T01:02:23", "modified": "2013-07-23T01:02:23", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2013-4116"], "lastseen": "2020-12-21T08:17:51", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-4116"]}, {"type": "openvas", "idList": ["OPENVAS:866393", "OPENVAS:1361412562310866203", "OPENVAS:866177", "OPENVAS:1361412562310866145", "OPENVAS:1361412562310866299", "OPENVAS:1361412562310866153", "OPENVAS:866127", "OPENVAS:1361412562310866211", "OPENVAS:1361412562310866365", "OPENVAS:866361"]}, {"type": "fedora", "idList": ["FEDORA:EC03B211F0", "FEDORA:4DF5D211EF", "FEDORA:C9EFA2122F", "FEDORA:E367021266", "FEDORA:A23A1211EA", "FEDORA:090BC211F0", "FEDORA:3D7D4211FD", "FEDORA:A2C0C211EF", "FEDORA:254192122F", "FEDORA:BFB14211FD"]}, {"type": "github", "idList": ["GHSA-V3JV-WRF4-5845"]}, {"type": "nessus", "idList": ["FEDORA_2013-11780.NASL"]}], "modified": "2020-12-21T08:17:51", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2020-12-21T08:17:51", "rev": 2}, "vulnersScore": 5.1}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "18", "arch": "any", "packageName": "nodejs-child-process-close", "packageVersion": "0.1.1", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-12-09T19:52:44", "description": "lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.", "edition": 6, "cvss3": {}, "published": "2014-04-22T14:23:00", "title": "CVE-2013-4116", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4116"], "modified": "2020-10-14T13:21:00", "cpe": [], "id": "CVE-2013-4116", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4116", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": []}], "openvas": [{"lastseen": "2018-01-18T11:08:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "Check for the Version of nodejs-config-chain", "modified": "2018-01-18T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:866135", "href": "http://plugins.openvas.org/nasl.php?oid=866135", "type": "openvas", "title": "Fedora Update for nodejs-config-chain FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-config-chain FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866135);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:27:58 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-config-chain FEDORA-2013-11780\");\n\n tag_insight = \"Use this module to load all your configurations.\n\";\n\n tag_affected = \"nodejs-config-chain on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-11780\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112123.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of nodejs-config-chain\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-config-chain\", rpm:\"nodejs-config-chain~1.1.7~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866211", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866211", "type": "openvas", "title": "Fedora Update for nodejs-asn1 FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-asn1 FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866211\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:34:23 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-asn1 FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-asn1 on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112133.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-asn1'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-asn1\", rpm:\"nodejs-asn1~0.1.11~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2018-02-06T13:09:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "Check for the Version of nodejs-fstream", "modified": "2018-02-05T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:866765", "href": "http://plugins.openvas.org/nasl.php?oid=866765", "type": "openvas", "title": "Fedora Update for nodejs-fstream FEDORA-2013-12908", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-fstream FEDORA-2013-12908\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866765);\n script_version(\"$Revision: 8672 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-05 17:39:18 +0100 (Mon, 05 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:26:32 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-fstream FEDORA-2013-12908\");\n\n tag_insight = \"Provides advanced file system stream objects for Node.js. These objects are\nlike FS streams, but with stat on them, and support directories and\nsymbolic links, as well as normal files. Also, you can use them to set\nthe stats on a file, even if you don't change its contents, or to create\na symlink, etc.\n\";\n\n tag_affected = \"nodejs-fstream on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-12908\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112172.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of nodejs-fstream\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-fstream\", rpm:\"nodejs-fstream~0.1.23~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866153", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866153", "type": "openvas", "title": "Fedora Update for nodejs-inherits FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-inherits FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866153\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:29:03 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-inherits FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-inherits on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112150.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-inherits'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-inherits\", rpm:\"nodejs-inherits~2.0.0~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866365", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866365", "type": "openvas", "title": "Fedora Update for nodejs-cookie-jar FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-cookie-jar FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866365\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:39:11 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-cookie-jar FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-cookie-jar on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112124.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-cookie-jar'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-cookie-jar\", rpm:\"nodejs-cookie-jar~0.3.0~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866145", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866145", "type": "openvas", "title": "Fedora Update for nodejs-oauth-sign FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-oauth-sign FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866145\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:28:47 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-oauth-sign FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-oauth-sign on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112138.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-oauth-sign'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-oauth-sign\", rpm:\"nodejs-oauth-sign~0.3.0~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2018-02-05T11:10:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "Check for the Version of nodejs-better-assert", "modified": "2018-02-03T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:866361", "href": "http://plugins.openvas.org/nasl.php?oid=866361", "type": "openvas", "title": "Fedora Update for nodejs-better-assert FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-better-assert FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866361);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:39:03 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-better-assert FEDORA-2013-11780\");\n\n tag_insight = \"C-style assert() for Node.js, reporting the expression string as the error\nmessage.\n\";\n\n tag_affected = \"nodejs-better-assert on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-11780\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112126.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of nodejs-better-assert\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-better-assert\", rpm:\"nodejs-better-assert~1.0.0~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866127", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866127", "type": "openvas", "title": "Fedora Update for nodejs-tunnel-agent FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-tunnel-agent FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866127\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:27:45 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-tunnel-agent FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-tunnel-agent on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112144.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-tunnel-agent'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-tunnel-agent\", rpm:\"nodejs-tunnel-agent~0.3.0~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2018-01-24T11:09:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "Check for the Version of nodejs-semver", "modified": "2018-01-24T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:866779", "href": "http://plugins.openvas.org/nasl.php?oid=866779", "type": "openvas", "title": "Fedora Update for nodejs-semver FEDORA-2013-12908", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-semver FEDORA-2013-12908\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866779);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:27:00 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-semver FEDORA-2013-12908\");\n\n tag_insight = \"The semantic version comparison library for the Node.js package manager (npm).\n\";\n\n tag_affected = \"nodejs-semver on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-12908\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112177.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of nodejs-semver\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-semver\", rpm:\"nodejs-semver~2.0.10~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866252", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866252", "type": "openvas", "title": "Fedora Update for nodejs-ctype FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-ctype FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866252\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:35:31 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-ctype FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-ctype on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112119.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-ctype'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-ctype\", rpm:\"nodejs-ctype~0.5.3~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "nodejs-http-signature is a node.js library that has client and server compo nents for Joyent's HTTP Signature Scheme. ", "modified": "2013-07-23T01:02:23", "published": "2013-07-23T01:02:23", "id": "FEDORA:A2C0C211EF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-http-signature-0.10.0-3.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "C-style assert() for Node.js, reporting the expression string as the error message. ", "modified": "2013-07-23T01:02:23", "published": "2013-07-23T01:02:23", "id": "FEDORA:5DA68211EA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-better-assert-1.0.0-2.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "Client for the npm registry, or private servers using the npm registry soft ware. ", "modified": "2013-07-23T01:02:25", "published": "2013-07-23T01:02:25", "id": "FEDORA:7F8F921207", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-npm-registry-client-0.2.27-1.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "This is a mix-and-match set of utilities that you can use to write test harnesses and frameworks that communicate with one another using the Test Anything Protocol. ", "modified": "2013-07-23T01:02:25", "published": "2013-07-23T01:02:25", "id": "FEDORA:3D7D4211FD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-tap-0.4.1-6.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink, etc. ", "modified": "2013-07-23T01:02:25", "published": "2013-07-23T01:02:25", "id": "FEDORA:4DF5D211EF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-fstream-0.1.23-1.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "Use this module to load all your configurations. ", "modified": "2013-07-23T01:02:23", "published": "2013-07-23T01:02:23", "id": "FEDORA:C9EFA2122F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-config-chain-1.1.7-1.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "node-gyp is a cross-platform command-line tool written in Node.js for compi ling native addon modules for Node.js, which takes away the pain of dealing with the various differences in build platforms. It is the replacement to the node-w af program which is removed for node v0.8. ", "modified": "2013-07-23T01:02:25", "published": "2013-07-23T01:02:25", "id": "FEDORA:67E89211F0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: node-gyp-0.10.6-1.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "This is a glob implementation in pure JavaScript. It uses the minimatch lib rary to do its matching. ", "modified": "2013-07-23T01:04:54", "published": "2013-07-23T01:04:54", "id": "FEDORA:604D3219C1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: nodejs-glob-3.2.3-1.fc19", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "Check and get file hashes using MD5, SHA1, or any other algorithm supported by OpenSSL. ", "modified": "2013-07-23T01:04:54", "published": "2013-07-23T01:04:54", "id": "FEDORA:A9FAC219D9", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: nodejs-sha-1.0.1-4.fc19", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "A deep deletion module for node.js (like `rm -rf`). ", "modified": "2013-07-23T01:02:24", "published": "2013-07-23T01:02:24", "id": "FEDORA:AF8C6211F0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-rimraf-2.2.0-1.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "nodejs": [{"lastseen": "2020-09-29T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2013-4116"], "description": "## Overview\n\nAffected versions of `npm` use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the `npm` process has permission to write to, potentially resulting in local privilege escalation.\n\n\n## Recommendation\n\nUpdate to version 1.3.3 or later.\n\n## References\n\n- [Issue #3635](https://github.com/npm/npm/issues/3635)\n- [OpenWall OSS Security - 07.10.13](http://www.openwall.com/lists/oss-security/2013/07/10/17)", "modified": "2019-06-24T14:56:20", "published": "2016-10-27T16:08:31", "id": "NODEJS:152", "href": "https://www.npmjs.com/advisories/152", "type": "nodejs", "title": "Local Privilege Escalation", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:10:54", "description": "Update to the latest version of npm, fixing several bugs including a\nminor security bug.\n\nFor more information about recent changes in npm, see the changelog at\nGitHub: https://github.com/isaacs/npm/commits/v1.3.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-07-23T00:00:00", "title": "Fedora 19 : node-gyp-0.10.6-1.fc19 / nodejs-fstream-0.1.23-1.fc19 / nodejs-glob-3.2.3-1.fc19 / etc (2013-12908)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "modified": "2013-07-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:nodejs-npmlog", "p-cpe:/a:fedoraproject:fedora:nodejs-npm-registry-client", "p-cpe:/a:fedoraproject:fedora:npm", "cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:nodejs-sha", "p-cpe:/a:fedoraproject:fedora:node-gyp", "p-cpe:/a:fedoraproject:fedora:nodejs-lockfile", "p-cpe:/a:fedoraproject:fedora:nodejs-graceful-fs", "p-cpe:/a:fedoraproject:fedora:nodejs-glob", "p-cpe:/a:fedoraproject:fedora:nodejs-semver", "p-cpe:/a:fedoraproject:fedora:nodejs-fstream"], "id": "FEDORA_2013-12908.NASL", "href": "https://www.tenable.com/plugins/nessus/69005", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-12908.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(69005);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4116\");\n script_bugtraq_id(61083);\n script_xref(name:\"FEDORA\", value:\"2013-12908\");\n\n script_name(english:\"Fedora 19 : node-gyp-0.10.6-1.fc19 / nodejs-fstream-0.1.23-1.fc19 / nodejs-glob-3.2.3-1.fc19 / etc (2013-12908)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the latest version of npm, fixing several bugs including a\nminor security bug.\n\nFor more information about recent changes in npm, see the changelog at\nGitHub: https://github.com/isaacs/npm/commits/v1.3.3\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=983918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=984202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=985305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/isaacs/npm/commits/v1.3.3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112172.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a4f49601\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112173.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?506c2c4d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112174.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59d2b81c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112175.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a1e0b698\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112176.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c438c7da\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112177.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d2c2f70\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112178.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bad27466\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112179.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?07bb357d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112180.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7b418ab\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112181.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?282f23d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:node-gyp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-fstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-glob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-graceful-fs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-lockfile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-npm-registry-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-npmlog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-semver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-sha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:npm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"node-gyp-0.10.6-1.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"nodejs-fstream-0.1.23-1.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"nodejs-glob-3.2.3-1.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"nodejs-graceful-fs-2.0.0-2.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"nodejs-lockfile-0.4.0-1.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"nodejs-npm-registry-client-0.2.27-1.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"nodejs-npmlog-0.0.4-1.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"nodejs-semver-2.0.10-1.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"nodejs-sha-1.0.1-4.fc19\")) flag++;\nif (rpm_check(release:\"FC19\", reference:\"npm-1.3.3-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"node-gyp / nodejs-fstream / nodejs-glob / nodejs-graceful-fs / etc\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}]}
