{"cve": [{"lastseen": "2020-10-03T12:10:42", "description": "Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2016-01-26T19:59:00", "title": "CVE-2016-1926", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1926"], "modified": "2018-10-09T19:59:00", "cpe": ["cpe:/a:greenbone:greenbone_security_assistant:6.0.6", "cpe:/a:greenbone:greenbone_security_assistant:6.0.7", "cpe:/o:greenbone:greenbone_os:3.1.11", "cpe:/a:greenbone:greenbone_security_assistant:6.0.0", "cpe:/o:greenbone:greenbone_os:3.1.9", "cpe:/o:greenbone:greenbone_os:3.1.22", "cpe:/a:greenbone:greenbone_security_assistant:6.0.2", "cpe:/o:greenbone:greenbone_os:3.1.23", "cpe:/o:greenbone:greenbone_os:3.1.12", "cpe:/o:greenbone:greenbone_os:3.1.6", "cpe:/o:greenbone:greenbone_os:3.1.18", "cpe:/o:greenbone:greenbone_os:3.1.8", "cpe:/o:greenbone:greenbone_os:3.1.20", "cpe:/o:greenbone:greenbone_os:3.1.16", "cpe:/o:greenbone:greenbone_os:3.1.10", "cpe:/a:greenbone:greenbone_security_assistant:6.0.3", "cpe:/o:greenbone:greenbone_os:3.1.7", "cpe:/o:greenbone:greenbone_os:3.1.19", "cpe:/a:greenbone:greenbone_security_assistant:6.0.5", "cpe:/o:greenbone:greenbone_os:3.1.1", "cpe:/o:greenbone:greenbone_os:3.1.14", "cpe:/o:fedoraproject:fedora:22", "cpe:/o:greenbone:greenbone_os:3.1.21", "cpe:/o:greenbone:greenbone_os:3.1.15", "cpe:/o:fedoraproject:fedora:23", "cpe:/o:greenbone:greenbone_os:3.1.13", "cpe:/o:greenbone:greenbone_os:3.1.17", "cpe:/a:greenbone:greenbone_security_assistant:6.0.4", "cpe:/a:greenbone:greenbone_security_assistant:6.0.1"], "id": "CVE-2016-1926", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1926", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.7:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.18:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.22:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.15:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.14:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.6:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.16:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.20:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.6:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.23:*:*:*:*:*:*:*", "cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.17:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.12:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.8:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.7:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.10:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:greenbone:greenbone_security_assistant:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:o:greenbone:greenbone_os:3.1.19:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1926"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310808009", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808009", "type": "openvas", "title": "Fedora Update for openvas-libraries FEDORA-2016-9851", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvas-libraries FEDORA-2016-9851\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808009\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 05:17:58 +0200 (Mon, 09 May 2016)\");\n script_cve_id(\"CVE-2016-1926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openvas-libraries FEDORA-2016-9851\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openvas-libraries'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openvas-libraries on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9851\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184475.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvas-libraries\", rpm:\"openvas-libraries~8.0.7~2.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1926"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310808008", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808008", "type": "openvas", "title": "Fedora Update for openvas-gsa FEDORA-2016-9851", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvas-gsa FEDORA-2016-9851\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808008\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 05:17:56 +0200 (Mon, 09 May 2016)\");\n script_cve_id(\"CVE-2016-1926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openvas-gsa FEDORA-2016-9851\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openvas-gsa'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openvas-gsa on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9851\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184479.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvas-gsa\", rpm:\"openvas-gsa~6.0.10~3.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1926"], "description": "It has been identified that Greenbone Security Assistant (GSA) is vulnerable to cross site scripting\n vulnerability.", "modified": "2019-02-26T00:00:00", "published": "2017-07-26T00:00:00", "id": "OPENVAS:1361412562310108196", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108196", "type": "openvas", "title": "Greenbone Security Assistant 6.0 < 6.0.8 Cross-Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_gsa_xss_vuln_0116.nasl 13882 2019-02-26 13:07:41Z cfischer $\n#\n# Greenbone Security Assistant 6.0 < 6.0.8 Cross-Site Scripting Vulnerability\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:greenbone:greenbone_security_assistant\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108196\");\n script_version(\"$Revision: 13882 $\");\n script_cve_id(\"CVE-2016-1926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-26 14:07:41 +0100 (Tue, 26 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-07-26 13:00:00 +0200 (Wed, 26 Jul 2017)\");\n script_name(\"Greenbone Security Assistant 6.0 < 6.0.8 Cross-Site Scripting Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_gsa_detect.nasl\");\n script_require_ports(\"Services/www\", 80, 443, 9392);\n script_mandatory_keys(\"greenbone_security_assistant/detected\");\n\n script_xref(name:\"URL\", value:\"http://openvas.org/OVSA20160113.html\");\n\n script_tag(name:\"summary\", value:\"It has been identified that Greenbone Security Assistant (GSA) is vulnerable to cross site scripting\n vulnerability.\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to a improper handling of the parameters of the get_aggregate command.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Given the attacker has access to a session token of the browser session, the cross site scripting\n can be executed.\");\n\n script_tag(name:\"affected\", value:\"Greenbone Security Assistant version 6.0.x before 6.0.8.\");\n\n script_tag(name:\"solution\", value:\"Update Greenbone Security Assistant to version 6.0.8 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) )\n exit( 0 );\n\nif( ! vers = get_app_version( cpe:CPE, port:port ) )\n exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"6.0.0\", test_version2:\"6.0.7\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"6.0.8\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1926"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310808007", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808007", "type": "openvas", "title": "Fedora Update for openvas-cli FEDORA-2016-9851", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvas-cli FEDORA-2016-9851\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808007\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 05:18:02 +0200 (Mon, 09 May 2016)\");\n script_cve_id(\"CVE-2016-1926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openvas-cli FEDORA-2016-9851\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openvas-cli'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openvas-cli on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9851\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184477.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvas-cli\", rpm:\"openvas-cli~1.4.4~1.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1926"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310808010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808010", "type": "openvas", "title": "Fedora Update for openvas-manager FEDORA-2016-9851", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvas-manager FEDORA-2016-9851\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808010\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 05:18:03 +0200 (Mon, 09 May 2016)\");\n script_cve_id(\"CVE-2016-1926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openvas-manager FEDORA-2016-9851\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openvas-manager'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openvas-manager on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9851\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184478.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvas-manager\", rpm:\"openvas-manager~6.0.8~2.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:35:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1926"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310808006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808006", "type": "openvas", "title": "Fedora Update for openvas-scanner FEDORA-2016-9851", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openvas-scanner FEDORA-2016-9851\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808006\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 05:17:59 +0200 (Mon, 09 May 2016)\");\n script_cve_id(\"CVE-2016-1926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for openvas-scanner FEDORA-2016-9851\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openvas-scanner'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"openvas-scanner on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-9851\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184476.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"openvas-scanner\", rpm:\"openvas-scanner~5.0.5~3.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1926"], "description": "Scanner module for the Open Vulnerability Assessment System (OpenVAS). ", "modified": "2016-05-08T15:21:36", "published": "2016-05-08T15:21:36", "id": "FEDORA:C498F6060E9D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openvas-scanner-5.0.5-3.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1926"], "description": "openvas-libraries is the base library for the OpenVAS network security scanner. ", "modified": "2016-05-08T15:21:36", "published": "2016-05-08T15:21:36", "id": "FEDORA:B33076060E98", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openvas-libraries-8.0.7-2.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1926"], "description": "OpenVAS CLI contains the command line tool \"omp\" which allows to create bat ch processes to drive OpenVAS Manager. ", "modified": "2016-05-08T15:21:36", "published": "2016-05-08T15:21:36", "id": "FEDORA:D3B656060B62", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openvas-cli-1.4.4-1.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1926"], "description": "The OpenVAS Manager is the central service that consolidates plain vulnerab ility scanning into a full vulnerability management solution. The Manager control s the Scanner via OTP and itself offers the XML-based, stateless OpenVAS Manageme nt Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement various lean clients that will behave consistently e. g. with regard to filtering or sorting scan results. The Manager also controls a SQL database (sqlite-based) where all configuration and scan result data is centrally stored. ", "modified": "2016-05-08T15:21:36", "published": "2016-05-08T15:21:36", "id": "FEDORA:BB4966060E9B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openvas-manager-6.0.8-2.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1926"], "description": "The Greenbone Security Assistant (GSA) is a lean web service offering a user web interface for the Open Vulnerability Assessment System (OpenVAS). The GSA uses XSL transformation style-sheets that converts OMP responses from the OpenVAS infrastructure into presentable HTML. ", "modified": "2016-05-08T15:21:36", "published": "2016-05-08T15:21:36", "id": "FEDORA:8CEB46060E73", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: openvas-gsa-6.0.10-3.fc22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1926"], "description": "OpenVAS CLI contains the command line tool \"omp\" which allows to create bat ch processes to drive OpenVAS Manager. ", "modified": "2016-05-01T23:54:03", "published": "2016-05-01T23:54:03", "id": "FEDORA:6D4F36062E43", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: openvas-cli-1.4.4-1.fc23", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1926"], "description": "The Greenbone Security Assistant (GSA) is a lean web service offering a user web interface for the Open Vulnerability Assessment System (OpenVAS). The GSA uses XSL transformation style-sheets that converts OMP responses from the OpenVAS infrastructure into presentable HTML. ", "modified": "2016-05-01T23:54:03", "published": "2016-05-01T23:54:03", "id": "FEDORA:792DA6062E49", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: openvas-gsa-6.0.10-3.fc23", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1926"], "description": "The OpenVAS Manager is the central service that consolidates plain vulnerab ility scanning into a full vulnerability management solution. The Manager control s the Scanner via OTP and itself offers the XML-based, stateless OpenVAS Manageme nt Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement various lean clients that will behave consistently e. g. with regard to filtering or sorting scan results. The Manager also controls a SQL database (sqlite-based) where all configuration and scan result data is centrally stored. ", "modified": "2016-05-01T23:54:03", "published": "2016-05-01T23:54:03", "id": "FEDORA:511D86062E35", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: openvas-manager-6.0.8-2.fc23", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2016-1926"], "description": "Scanner module for the Open Vulnerability Assessment System (OpenVAS). ", "modified": "2016-05-01T23:54:03", "published": "2016-05-01T23:54:03", "id": "FEDORA:819E36062E4C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: openvas-scanner-5.0.5-3.fc23", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-12T10:14:40", "description": "Bump to latest upstream bugfix releases. Contains Security fix for\nCVE-2016-1926\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2016-05-03T00:00:00", "title": "Fedora 23 : openvas-cli-1.4.4-1.fc23 / openvas-gsa-6.0.10-3.fc23 / openvas-libraries-8.0.7-2.fc23 / etc (2016-afdedc8da9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1926"], "modified": "2016-05-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openvas-libraries", "p-cpe:/a:fedoraproject:fedora:openvas-scanner", "p-cpe:/a:fedoraproject:fedora:openvas-manager", "p-cpe:/a:fedoraproject:fedora:openvas-cli", "p-cpe:/a:fedoraproject:fedora:openvas-gsa", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-AFDEDC8DA9.NASL", "href": "https://www.tenable.com/plugins/nessus/90842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-afdedc8da9.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90842);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1926\");\n script_xref(name:\"FEDORA\", value:\"2016-afdedc8da9\");\n\n script_name(english:\"Fedora 23 : openvas-cli-1.4.4-1.fc23 / openvas-gsa-6.0.10-3.fc23 / openvas-libraries-8.0.7-2.fc23 / etc (2016-afdedc8da9)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bump to latest upstream bugfix releases. Contains Security fix for\nCVE-2016-1926\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300683\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183367.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b77a53f1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183368.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d600bae4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183369.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bc8e7472\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183370.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c61ca5c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183371.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?222ba6e2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-gsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-libraries\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-manager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"openvas-cli-1.4.4-1.fc23\")) flag++;\nif (rpm_check(release:\"FC23\", reference:\"openvas-gsa-6.0.10-3.fc23\")) flag++;\nif (rpm_check(release:\"FC23\", reference:\"openvas-libraries-8.0.7-2.fc23\")) flag++;\nif (rpm_check(release:\"FC23\", reference:\"openvas-manager-6.0.8-2.fc23\")) flag++;\nif (rpm_check(release:\"FC23\", reference:\"openvas-scanner-5.0.5-3.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openvas-cli / openvas-gsa / openvas-libraries / openvas-manager / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:14:33", "description": "Bump to latest upstream bugfix releases. Contains Security fix for\nCVE-2016-1926\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 6.1, "vector": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2016-05-09T00:00:00", "title": "Fedora 22 : openvas-cli-1.4.4-1.fc22 / openvas-gsa-6.0.10-3.fc22 / openvas-libraries-8.0.7-2.fc22 / etc (2016-9851b69dbb)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-1926"], "modified": "2016-05-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openvas-libraries", "p-cpe:/a:fedoraproject:fedora:openvas-scanner", "p-cpe:/a:fedoraproject:fedora:openvas-manager", "p-cpe:/a:fedoraproject:fedora:openvas-cli", "cpe:/o:fedoraproject:fedora:22", "p-cpe:/a:fedoraproject:fedora:openvas-gsa"], "id": "FEDORA_2016-9851B69DBB.NASL", "href": "https://www.tenable.com/plugins/nessus/90968", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-9851b69dbb.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90968);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-1926\");\n script_xref(name:\"FEDORA\", value:\"2016-9851b69dbb\");\n\n script_name(english:\"Fedora 22 : openvas-cli-1.4.4-1.fc22 / openvas-gsa-6.0.10-3.fc22 / openvas-libraries-8.0.7-2.fc22 / etc (2016-9851b69dbb)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bump to latest upstream bugfix releases. Contains Security fix for\nCVE-2016-1926\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1300683\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184475.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3816ad04\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184476.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5bd538f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184477.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1ced0d28\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184478.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d84f0b1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184479.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?99d85b2a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-gsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-libraries\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-manager\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openvas-scanner\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"openvas-cli-1.4.4-1.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"openvas-gsa-6.0.10-3.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"openvas-libraries-8.0.7-2.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"openvas-manager-6.0.8-2.fc22\")) flag++;\nif (rpm_check(release:\"FC22\", reference:\"openvas-scanner-5.0.5-3.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openvas-cli / openvas-gsa / openvas-libraries / openvas-manager / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
