{"cve": [{"lastseen": "2020-12-09T19:52:44", "description": "lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.", "edition": 6, "cvss3": {}, "published": "2014-04-22T14:23:00", "title": "CVE-2013-4116", "type": "cve", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4116"], "modified": "2020-10-14T13:21:00", "cpe": [], "id": "CVE-2013-4116", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4116", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": []}], "openvas": [{"lastseen": "2017-07-25T10:51:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "Check for the Version of nodejs-read-package-json", "modified": "2017-07-10T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:866355", "href": "http://plugins.openvas.org/nasl.php?oid=866355", "type": "openvas", "title": "Fedora Update for nodejs-read-package-json FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-read-package-json FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866355);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:38:51 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-read-package-json FEDORA-2013-11780\");\n\n tag_insight = \"The thing npm uses to read package.json files, with semantics, defaults and\nvalidation.\n\";\n\n tag_affected = \"nodejs-read-package-json on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-11780\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112140.html\");\n script_summary(\"Check for the Version of nodejs-read-package-json\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-read-package-json\", rpm:\"nodejs-read-package-json~1.1.0~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-22T13:10:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "Check for the Version of nodejs-graceful-fs", "modified": "2018-01-22T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:866150", "href": "http://plugins.openvas.org/nasl.php?oid=866150", "type": "openvas", "title": "Fedora Update for nodejs-graceful-fs FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-graceful-fs FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866150);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:28:59 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-graceful-fs FEDORA-2013-11780\");\n\n tag_insight = \"Just like node.js' fs module, but it does an incremental back-off when EMFILE is\nencountered. Useful in asynchronous situations where one needs to try to open\nlots and lots of files.\n\";\n\n tag_affected = \"nodejs-graceful-fs on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-11780\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112161.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of nodejs-graceful-fs\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-graceful-fs\", rpm:\"nodejs-graceful-fs~2.0.0~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-20T00:00:00", "id": "OPENVAS:1361412562310866622", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866622", "type": "openvas", "title": "Fedora Update for nodejs-npm-registry-client FEDORA-2013-12908", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-npm-registry-client FEDORA-2013-12908\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866622\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-20 15:18:35 +0530 (Tue, 20 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-npm-registry-client FEDORA-2013-12908\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-npm-registry-client on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-12908\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112173.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-npm-registry-client'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-npm-registry-client\", rpm:\"nodejs-npm-registry-client~0.2.27~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866390", "type": "openvas", "title": "Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866390\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:40:00 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-npm-user-validate on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112116.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-npm-user-validate'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-npm-user-validate\", rpm:\"nodejs-npm-user-validate~0.0.3~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866375", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866375", "type": "openvas", "title": "Fedora Update for npm FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for npm FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866375\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:39:30 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for npm FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"npm on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112156.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'npm'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"npm\", rpm:\"npm~1.3.3~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866267", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866267", "type": "openvas", "title": "Fedora Update for nodejs-fstream FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-fstream FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866267\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:36:11 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-fstream FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-fstream on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112153.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-fstream'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-fstream\", rpm:\"nodejs-fstream~0.1.23~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:05", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866120", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866120", "type": "openvas", "title": "Fedora Update for nodejs-callsite FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-callsite FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866120\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:25:16 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-callsite FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-callsite on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112115.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-callsite'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-callsite\", rpm:\"nodejs-callsite~1.0.0~2.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2018-01-26T11:10:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "Check for the Version of nodejs-npm-user-validate", "modified": "2018-01-25T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:866390", "href": "http://plugins.openvas.org/nasl.php?oid=866390", "type": "openvas", "title": "Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866390);\n script_version(\"$Revision: 8526 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 07:57:37 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:40:00 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-npm-user-validate FEDORA-2013-11780\");\n\n tag_insight = \"This library validates usernames, passwords, and e-mail addresses to the\nstandards required by the npm registry.\n\";\n\n tag_affected = \"nodejs-npm-user-validate on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-11780\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112116.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of nodejs-npm-user-validate\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-npm-user-validate\", rpm:\"nodejs-npm-user-validate~0.0.3~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866087", "type": "openvas", "title": "Fedora Update for nodejs-vows FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-vows FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866087\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:24:10 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-vows FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-vows on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112151.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-vows'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-vows\", rpm:\"nodejs-vows~0.7.0~6.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-08-01T00:00:00", "id": "OPENVAS:1361412562310866135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866135", "type": "openvas", "title": "Fedora Update for nodejs-config-chain FEDORA-2013-11780", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nodejs-config-chain FEDORA-2013-11780\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866135\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-08-01 18:27:58 +0530 (Thu, 01 Aug 2013)\");\n script_cve_id(\"CVE-2013-4116\");\n script_tag(name:\"cvss_base\", value:\"3.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Fedora Update for nodejs-config-chain FEDORA-2013-11780\");\n\n\n script_tag(name:\"affected\", value:\"nodejs-config-chain on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112123.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nodejs-config-chain'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"nodejs-config-chain\", rpm:\"nodejs-config-chain~1.1.7~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "The logger utility that npm uses. This logger is very basic. It does the logging for npm. It supports custom levels and colored output. ", "modified": "2013-07-23T01:02:25", "published": "2013-07-23T01:02:25", "id": "FEDORA:B2810211FD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-npmlog-0.0.4-1.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "A tiny simple way to do classic inheritance in JavaScript. This is the legacy version used by many Node.js modules for many years, and is retained for backward compatibility. New modules should use the inheritance functionality available in core Node.js or use the new version of inherits if they need browser support as well. ", "modified": "2013-07-23T01:02:22", "published": "2013-07-23T01:02:22", "id": "FEDORA:EA234211EF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-inherits1-1.0.0-11.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "Provides advanced file system stream objects for Node.js. These objects are like FS streams, but with stat on them, and support directories and symbolic links, as well as normal files. Also, you can use them to set the stats on a file, even if you don't change its contents, or to create a symlink, etc. ", "modified": "2013-07-23T01:04:54", "published": "2013-07-23T01:04:54", "id": "FEDORA:464E4219AC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: nodejs-fstream-0.1.23-1.fc19", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "Node-CType is a way to read and write binary data in a structured and easy to use format. Its name comes from the C header file. There are two APIs that you can use, depending on what abstraction you'd li ke. The low level API lets you read and write individual integers and floats fr om buffers. The higher level API lets you read and write structures of these. ", "modified": "2013-07-23T01:02:23", "published": "2013-07-23T01:02:23", "id": "FEDORA:82A4C21266", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-ctype-0.5.3-3.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "This package contains some general purpose Node.js utilities, including utilities for working with objects, timers, binary encoding/decoding, escap ing characters, errors, and loading files. ", "modified": "2013-07-23T01:02:24", "published": "2013-07-23T01:02:24", "id": "FEDORA:4CF47211F0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-hoek-0.9.1-1.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "The semantic version comparison library for the Node.js package manager (np m). ", "modified": "2013-07-23T01:04:54", "published": "2013-07-23T01:04:54", "id": "FEDORA:9E29E219AC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: nodejs-semver-2.0.10-1.fc19", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "Client for the npm registry, or private servers using the npm registry soft ware. ", "modified": "2013-07-23T01:02:25", "published": "2013-07-23T01:02:25", "id": "FEDORA:7F8F921207", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-npm-registry-client-0.2.27-1.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "A module to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications. ", "modified": "2013-07-23T01:02:24", "published": "2013-07-23T01:02:24", "id": "FEDORA:14A7F211F0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-form-data-0.0.10-1.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "Provides access to V8's \"raw\" CallSites from Node.js. This is useful for custom traces, C-style assertions, getting the line numb er in execution, and more. ", "modified": "2013-07-23T01:02:22", "published": "2013-07-23T01:02:22", "id": "FEDORA:CC673211EA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-callsite-1.0.0-2.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4116"], "description": "A tiny simple way to do classic inheritance in js. ", "modified": "2013-07-23T01:02:25", "published": "2013-07-23T01:02:25", "id": "FEDORA:0FF79211EF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: nodejs-inherits-2.0.0-3.fc18", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "github": [{"lastseen": "2020-09-01T19:57:38", "bulletinFamily": "software", "cvelist": ["CVE-2013-4116"], "description": "Affected versions of `npm` use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the `npm` process has permission to write to, potentially resulting in local privilege escalation.\n\n\n\n## Recommendation\n\nUpdate to version 1.3.3 or later.", "edition": 1, "modified": "2020-09-01T16:03:34", "published": "2020-09-01T16:03:34", "id": "GHSA-V3JV-WRF4-5845", "href": "https://github.com/advisories/GHSA-v3jv-wrf4-5845", "title": "Local Privilege Escalation in npm", "type": "github", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:10:53", "description": "This update provides the latest npm and updates its dependencies. It\nalso fixes a minor security bug.\n\nFor more information about recent changes in npm, see the changelog at\nGitHub: https://github.com/isaacs/npm/commits/v1.3.3\n\nAdditionally, this update restricts all included packages to only the\narchitectures supported by the V8 JavaScript runtime.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-07-23T00:00:00", "title": "Fedora 18 : nodejs-normalize-package-data-0.2.0-1.fc18 / node-gyp-0.10.6-1.fc18 / etc (2013-11780)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4116"], "modified": "2013-07-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:nodejs-ansi", "p-cpe:/a:fedoraproject:fedora:nodejs-couch-login", "cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:nodejs-hawk", "p-cpe:/a:fedoraproject:fedora:nodejs-read-package-json", "p-cpe:/a:fedoraproject:fedora:nodejs-npmlog", "p-cpe:/a:fedoraproject:fedora:nodejs-better-assert", "p-cpe:/a:fedoraproject:fedora:nodejs-fstream-ignore", "p-cpe:/a:fedoraproject:fedora:nodejs-http-signature", "p-cpe:/a:fedoraproject:fedora:nodejs-npm-registry-client", "p-cpe:/a:fedoraproject:fedora:nodejs-aws-sign", "p-cpe:/a:fedoraproject:fedora:nodejs-inherits", "p-cpe:/a:fedoraproject:fedora:npm", "p-cpe:/a:fedoraproject:fedora:nodejs-child-process-close", "p-cpe:/a:fedoraproject:fedora:nodejs-rimraf", "p-cpe:/a:fedoraproject:fedora:nodejs-init-package-json", "p-cpe:/a:fedoraproject:fedora:nodejs-request", "p-cpe:/a:fedoraproject:fedora:nodejs-oauth-sign", "p-cpe:/a:fedoraproject:fedora:nodejs-tunnel-agent", "p-cpe:/a:fedoraproject:fedora:nodejs-cmd-shim", "p-cpe:/a:fedoraproject:fedora:nodejs-form-data", "p-cpe:/a:fedoraproject:fedora:nodejs-normalize-package-data", "p-cpe:/a:fedoraproject:fedora:nodejs-cryptiles", "p-cpe:/a:fedoraproject:fedora:nodejs-npm-user-validate", "p-cpe:/a:fedoraproject:fedora:nodejs-sha", "p-cpe:/a:fedoraproject:fedora:node-gyp", "p-cpe:/a:fedoraproject:fedora:nodejs-json-stringify-safe", "p-cpe:/a:fedoraproject:fedora:nodejs-slide", "p-cpe:/a:fedoraproject:fedora:nodejs-npmconf", "p-cpe:/a:fedoraproject:fedora:nodejs-hoek", "p-cpe:/a:fedoraproject:fedora:nodejs-fstream-npm", "p-cpe:/a:fedoraproject:fedora:nodejs-read-installed", "p-cpe:/a:fedoraproject:fedora:nodejs-forever-agent", "p-cpe:/a:fedoraproject:fedora:nodejs-vows", "p-cpe:/a:fedoraproject:fedora:nodejs-sntp", "p-cpe:/a:fedoraproject:fedora:nodejs-boom", "p-cpe:/a:fedoraproject:fedora:nodejs-asn1", "p-cpe:/a:fedoraproject:fedora:nodejs-config-chain", "p-cpe:/a:fedoraproject:fedora:nodejs-lockfile", "p-cpe:/a:fedoraproject:fedora:nodejs-graceful-fs", "p-cpe:/a:fedoraproject:fedora:nodejs-glob", "p-cpe:/a:fedoraproject:fedora:nodejs-semver", "p-cpe:/a:fedoraproject:fedora:nodejs-github-url-from-git", "p-cpe:/a:fedoraproject:fedora:nodejs-ctype", "p-cpe:/a:fedoraproject:fedora:nodejs-editor", "p-cpe:/a:fedoraproject:fedora:nodejs-inherits1", "p-cpe:/a:fedoraproject:fedora:nodejs-fstream", "p-cpe:/a:fedoraproject:fedora:nodejs-callsite", "p-cpe:/a:fedoraproject:fedora:nodejs-cookie-jar", "p-cpe:/a:fedoraproject:fedora:nodejs-tap"], "id": "FEDORA_2013-11780.NASL", "href": "https://www.tenable.com/plugins/nessus/68999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-11780.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68999);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4116\");\n script_bugtraq_id(61083);\n script_xref(name:\"FEDORA\", value:\"2013-11780\");\n\n script_name(english:\"Fedora 18 : nodejs-normalize-package-data-0.2.0-1.fc18 / node-gyp-0.10.6-1.fc18 / etc (2013-11780)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update provides the latest npm and updates its dependencies. It\nalso fixes a minor security bug.\n\nFor more information about recent changes in npm, see the changelog at\nGitHub: https://github.com/isaacs/npm/commits/v1.3.3\n\nAdditionally, this update restricts all included packages to only the\narchitectures supported by the V8 JavaScript runtime.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=921649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=927575\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=948659\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=953051\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=954280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=954281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=968919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=973968\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=976984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=983918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=984202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=985305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/isaacs/npm/commits/v1.3.3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4e8aeb8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112116.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27860245\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a10c181\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112118.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0880609c\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112119.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?380f04a8\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112120.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6f978c5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112121.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b883b6ca\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112122.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eedc3937\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112123.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?666e422f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112124.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae21bffa\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112125.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?729dac04\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112126.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de74e9bd\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112127.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0849f1c4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112128.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77cc1ea6\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112129.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8573e9fd\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112130.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1289a3cb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112131.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a49b6103\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112132.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?98b7bfa4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112133.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2338c216\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112134.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f663137\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112135.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?efd714a3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112136.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cca3a991\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112137.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?909902ab\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112138.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbccf294\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112139.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?488df08b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112140.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?404d2626\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112141.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d23ae24d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112142.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f8138075\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112143.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?49750b8e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112144.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3488e88a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112145.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1bd590ae\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112146.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b1120a7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112147.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55adbc9d\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112148.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?73ab8d5f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112149.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7cd5d058\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112150.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dc211c5\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112151.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e5afd8e\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112152.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5fb7601b\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112153.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b48814bf\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112154.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e3e7c03\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112155.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80da6dc1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112156.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c61fddc\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112157.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?166cb418\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112158.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25f56e08\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112159.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e26cadcb\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112160.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2be6707a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112161.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8d07ba1f\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112162.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5cf9badd\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/112163.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?116f3c94\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:node-gyp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-ansi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-asn1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-aws-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-better-assert\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-boom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-callsite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-child-process-close\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-cmd-shim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-config-chain\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-cookie-jar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-couch-login\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-cryptiles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-ctype\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-editor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-forever-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-form-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-fstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-fstream-ignore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-fstream-npm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-github-url-from-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-glob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-graceful-fs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-hawk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-hoek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-http-signature\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-inherits\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-inherits1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-init-package-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-json-stringify-safe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-lockfile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-normalize-package-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-npm-registry-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-npm-user-validate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-npmconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-npmlog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-oauth-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-read-installed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-read-package-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-request\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-rimraf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-semver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-sha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-slide\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-sntp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-tap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-tunnel-agent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nodejs-vows\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:npm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/04/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"node-gyp-0.10.6-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-ansi-0.2.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-asn1-0.1.11-3.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-aws-sign-0.3.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-better-assert-1.0.0-2.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-boom-0.4.2-2.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-callsite-1.0.0-2.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-child-process-close-0.1.1-2.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-cmd-shim-1.1.0-3.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-config-chain-1.1.7-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-cookie-jar-0.3.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-couch-login-0.1.17-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-cryptiles-0.2.1-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-ctype-0.5.3-3.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-editor-0.0.4-2.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-forever-agent-0.5.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-form-data-0.0.10-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-fstream-0.1.23-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-fstream-ignore-0.0.7-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-fstream-npm-0.1.5-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-github-url-from-git-1.1.1-2.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-glob-3.2.3-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-graceful-fs-2.0.0-2.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-hawk-0.15.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-hoek-0.9.1-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-http-signature-0.10.0-3.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-inherits-2.0.0-3.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-inherits1-1.0.0-11.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-init-package-json-0.0.10-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-json-stringify-safe-5.0.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-lockfile-0.4.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-normalize-package-data-0.2.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-npm-registry-client-0.2.27-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-npm-user-validate-0.0.3-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-npmconf-0.1.1-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-npmlog-0.0.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-oauth-sign-0.3.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-read-installed-0.2.2-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-read-package-json-1.1.0-2.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-request-2.21.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-rimraf-2.2.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-semver-2.0.10-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-sha-1.0.1-4.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-slide-1.1.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-sntp-0.2.4-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-tap-0.4.1-6.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-tunnel-agent-0.3.0-1.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"nodejs-vows-0.7.0-6.fc18\")) flag++;\nif (rpm_check(release:\"FC18\", reference:\"npm-1.3.3-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"node-gyp / nodejs-ansi / nodejs-asn1 / nodejs-aws-sign / etc\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P"}}]}
